[WebProfilerBundle] force the Content-Type to html in the web profiler controllers #8050
Conversation
|
I think you also need to do that in the other controllers (Router and Exception). |
|
done |
| @@ -64,7 +64,7 @@ public function showAction($token) | |||
| 'logger' => null, | |||
| 'currentContent' => '', | |||
| ) | |||
| )); | |||
| ), 200, array('Content-Type' => 'text/html')); | |||
There was a problem hiding this comment.
You forget it return new Response($handler->getContent($exception)); and return new Response($handler->getStylesheet($exception)); (whatever the content-type here is)
|
Thinking about it, the Response class should by default add a Content-Type header with text/html. |
|
Also it would then be possible to comply with RFC that says
When a Response with a content-type is returned by a controller (default text/html) which is not accepted by the Request, we can simply return a 406. Currently it will for example just send our HTML content as text/plain (the prefered accepted Content-Type). |
|
I guess the issue we have is the lack of content type negotiation to properly determine the format to be used in the response. At any rate for now its the responsibility of the controller to determine what format to return and imho therefore its the controllers responsibility to ensure that the Response returns with the appropriate content type. Now right now it can do so in two ways:
To me 2) is the wrong approach conceptually, which is why I chose 1). Now if we make Right now the assumption is that unless a content type was set, the controller will return the content type as defined in the request. I think this is too simplistic. So maybe the proper thing to do is to remove: |
|
Yes I agree 1) is the correct approach. People who want to respond with something else than html, can simply override the header. But as most cases return html, they don't need to set html again. As you can see in this PR, things get really verbose otherwise. The code you want to remove is simplistic, but is only executed when there is no Content-Type set yet. This makes sense, otherwise the response might have not Content-Type at all. Not sure if that is valid. This is why I proposed to make html the default. So the code above is only executed when somebody explicitly removed the header and wants to rely on the request format. People who respond with html, don't need to do anything. People who respond with something else like css, need to set the content-type explicitly (just as before). |
|
right so if one wants to have the content type automatically set one would need to write: to me that is more sensible .. but its a BC break :-/ |
|
Yep, but to me the only future-proof solution. |
|
Well, removing the simplistic Content-Type setting based on the request format as you mentioned above might still be a good idea. Because if no Content-Type is sent, the browser does content-type sniffing, which is definitely better than setting a wrong content-type just because it's in the accept headers. |
|
@Tobion We cannot remove it until 3.0. It is a huge BC break. Using |
|
right .. so what i did in this PR is the best course of action imho. |
|
@fabpot ping. since we cannot do the "proper" fix at this point, this seems like the safest solution. |
This PR was merged into the 2.2 branch. Discussion ---------- [WebProfilerBundle] force the Content-Type to html in the web profiler controllers | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | [](https://travis-ci.org/lsmith77/symfony) | Fixed tickets | - | License | MIT | Doc PR | - This just forces the Content-Type to match what will be returned, otherwise if the request format happens to be something else than HTML (which can be the case when building an app that only does JSON/XML with FOSRestBundle) it can happen that the Response class automatically sets a different Content-Type. The approach taken here matches https://github.com/nelmio/NelmioApiDocBundle/blob/master/Controller/ApiDocController.php#L24 Commits ------- 6d2135b force the Content-Type to html in the web profiler controllers
](https://travis-ci.org/lsmith77/symfony){kind=link}
This just forces the Content-Type to match what will be returned, otherwise if the request format happens to be something else than HTML (which can be the case when building an app that only does JSON/XML with FOSRestBundle) it can happen that the Response class automatically sets a different Content-Type.
The approach taken here matches https://github.com/nelmio/NelmioApiDocBundle/blob/master/Controller/ApiDocController.php#L24