bug #50226 [HttpClient] Ensure HttplugClient ignores invalid HTTP hea…

…ders (nicolas-grekas) This PR was merged into the 5.4 branch. Discussion ---------- [HttpClient] Ensure HttplugClient ignores invalid HTTP headers | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Something we forgot in #47415 Commits ------- f702e66 [HttpClient] Ensure HttplugClient ignores invalid HTTP headers
symfony · May 3, 2023 · 1d52937 · 1d52937
2 parents 3683d73 + f702e66
commit 1d52937
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/composer.json b/composer.json
@@ -165,6 +165,7 @@
     },
     "config": {
         "allow-plugins": {
+            "php-http/discovery": false,
             "symfony/runtime": true
         }
     },

diff --git a/src/Symfony/Component/HttpClient/Internal/HttplugWaitLoop.php b/src/Symfony/Component/HttpClient/Internal/HttplugWaitLoop.php
@@ -120,7 +120,11 @@ public function createPsr7Response(ResponseInterface $response, bool $buffer = f
 
         foreach ($response->getHeaders(false) as $name => $values) {
             foreach ($values as $value) {
-                $psrResponse = $psrResponse->withAddedHeader($name, $value);
+                try {
+                    $psrResponse = $psrResponse->withAddedHeader($name, $value);
+                } catch (\InvalidArgumentException $e) {
+                    // ignore invalid header
+                }
             }
         }
 

diff --git a/src/Symfony/Component/HttpClient/Tests/HttplugClientTest.php b/src/Symfony/Component/HttpClient/Tests/HttplugClientTest.php
@@ -267,4 +267,22 @@ function (\Exception $exception) use ($errorMessage, &$failureCallableCalled, $c
         $this->assertSame(200, $response->getStatusCode());
         $this->assertSame('OK', (string) $response->getBody());
     }
+
+    public function testInvalidHeaderResponse()
+    {
+        $responseHeaders = [
+            // space in header name not allowed in RFC 7230
+            ' X-XSS-Protection' => '0',
+            'Cache-Control' => 'no-cache',
+        ];
+        $response = new MockResponse('body', ['response_headers' => $responseHeaders]);
+        $this->assertArrayHasKey(' x-xss-protection', $response->getHeaders());
+
+        $client = new HttplugClient(new MockHttpClient($response));
+        $request = $client->createRequest('POST', 'http://localhost:8057/post')
+            ->withBody($client->createStream('foo=0123456789'));
+
+        $resultResponse = $client->sendRequest($request);
+        $this->assertCount(1, $resultResponse->getHeaders());
+    }
 }