Skip to content

Commit

Permalink
Set cookie headers only on requests to host in url (#337)
Browse files Browse the repository at this point in the history
  • Loading branch information
@webignition
webignition committed Dec 18, 2018
1 parent 8900f23 commit 16c931f
Show file tree
Hide file tree
Showing 19 changed files with 876 additions and 176 deletions.
2 changes: 1 addition & 1 deletion composer.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
"symfony/orm-pack": "^1.0",
"symfony/yaml": "*",
"webignition/guzzle-curl-exception": "^1",
"webignition/http-headers": ">=0.1,<1",
"webignition/http-headers": ">=0.3,<1",
"webignition/http-history-container": ">=0.3,<1",
"webignition/internet-media-type": "^2"
},
Expand Down
15 changes: 8 additions & 7 deletions composer.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

26 changes: 13 additions & 13 deletions docs/includes/ascii-diagram/callback.rst
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
::

+---------------+ +-----------------+
| | POST http://callback.example.com/ | |
| | { | |
| | "request_id": "118e35f631be802c41b…", | |
| | "status": "success", | |
| | "headers": { | |
| | "content-type": "text/html;" | |
| Your | }, | |
| callback | "content": "PGRvY3R5cGUgaHRtbD4=" | Asynchronous |
| handler | } | HTTP |
| | | Retriever |
| | <-----------------------------------------------------+ | |
+---------------+ +-----------------+
+-------------+ +--------------+
| | POST http://callback.example.com/ | |
| | { | |
| | "request_id": "118e35f631be802c41b…", | |
| | "status": "success", | |
| | "headers": { | |
| | "content-type": "text/html;" | |
| Your | }, | |
| callback | "content": "PGRvY3R5cGUgaHRtbD4=" | Asynchronous |
| handler | } | HTTP |
| | | Retriever |
| | <---------------------------------------------------------+ | |
+-------------+ +--------------+
46 changes: 28 additions & 18 deletions docs/includes/ascii-diagram/request.rst
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,30 @@
::

+---------------+ +-----------------+
| | | |
| | POST http://localhost:8001/ | |
| | url=http://example.com/ | |
| | callback=http://callback.example.com/ | |
| | headers={"User-Agent":"Chrome, honest"} | Asynchronous |
| Your | | HTTP |
| application | +-----------------------------------------------------> | retriever |
| | | |
| | | |
| | | |
| | | |
| | HTTP 200 OK | |
| | Content-Type: application/json | |
| | | |
| | "118e35f631be802c41bec5c9dfb0f415" | |
| | <-----------------------------------------------------+ | |
+---------------+ +-----------------+
+--------------+ +--------------+
| | | |
| | POST http://localhost:8001/ | |
| | url=http://example.com/ | |
| | callback=http://callback.example.com/ | |
| | headers={ | |
| | "User-Agent":"Chrome, honest" | |
| | } | |
| | parameters={ | |
| | "cookies": { | |
| | } | |
| | } | |
| | | |
| | | |
| | | Asynchronous |
| Your | | HTTP |
| application | +--------------------------------------------------------> | retriever |
| | | |
| | | |
| | | |
| | | |
| | HTTP 200 OK | |
| | Content-Type: application/json | |
| | | |
| | "118e35f631be802c41bec5c9dfb0f415" | |
| | <--------------------------------------------------------+ | |
+--------------+ +--------------+
+
5 changes: 3 additions & 2 deletions docs/includes/overview/short-description.rst
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
Send a ``POST`` request containing ``url``, ``callback`` and (optionally) ``header`` values. Content for the given
``url`` will be retrieved *eventually* and sent in a ``POST`` request to the specified ``callback`` url.
Send a ``POST`` request containing ``url``, ``callback``, (optionally) ``header`` and (optionally) ``parameter`` values.
Content for the given ``url`` will be retrieved *eventually* and sent in a ``POST`` request to the specified
``callback`` url.
60 changes: 50 additions & 10 deletions docs/requesting-a-resource.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,14 @@ You can optionally provide a ``headers`` parameter defining headers to send when
The collection of headers can contain whatever keys and values you need to satisfy a request. This might include
specifying the `User-Agent`_, passing along `Authorization`_ or setting `Cookies`_.

============= ====================================================== =======
Name Description Example
============= ====================================================== =======
``url`` URL of the resource to be retrieved ``http://example.com``
``callback`` URL to which the resource should be sent ``https://httpbin.org/post``
``headers`` JSON-encoded key:value pairs ``{"User-Agent":"Chrome, honest"}``
============= ====================================================== =======
=============== ====================================================== =======
Name Description Example
=============== ====================================================== =======
``url`` URL of the resource to be retrieved ``http://example.com``
``callback`` URL to which the resource should be sent ``https://httpbin.org/post``
``headers`` JSON-encoded key:value pairs ``{"User-Agent":"Chrome, honest"}``
``parameters`` JSON-encoded parameters ``{"cookies":{"domain": "…"}}``
=============== ====================================================== =======

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Curl Example Without Headers
Expand All @@ -48,6 +49,46 @@ Curl Example With Headers
"ea8a4d4eb1840d0bec6284658a8ef064"
----------------------------
Specifying Cookie Parameters
----------------------------

Including a ``Cookie`` header in your request for a resource will result in an equivalent ``Cookie`` header being
sent with the relevant HTTP request.

.. code-block:: sh
curl -X POST http://localhost:8001/ \
-d 'url=http://example.com/&headers={"Cookie":"key=value"}&callback=https://httpbin.org/post'
Cookies may contain sensitive information. The request for a resource may be redirected to another host. You do not
want to pass potentially-sensitive information to another host. No, you don't. Trust me.

Add to your ``parameters`` value a cookie parameters object:

.. code-block:: json
{
"cookie": {
"domain": ".example.com",
"path": "/"
}
}
.. code-block:: sh
curl -X POST http://localhost:8001/ \
-d 'url=http://example.com/&headers={"Cookie":"key=value"}&parameters={"cookies":{"domain":".example.com","path":"/"}}&callback=https://httpbin.org/post'
You must include ``domain`` and ``path`` values. It is up to you to choose the correct values for the resource
you are requesting.

Only requests against URLs that match the given ``domain`` and ``path`` values will have the relevant ``Cookie`` header
set. Cookie parameters prevent cookie data from being exposed where it should not be.

If you specify a ``Cookie`` header but do not specify cookie parameters, no cookies will be sent with the request
to retrieve the resource.

--------------------------
Understanding The Response
--------------------------
Expand All @@ -58,10 +99,9 @@ Understanding The Response
Successful Request (200)
~~~~~~~~~~~~~~~~~~~~~~~~

The response body (``"118e35f631be802c41bec5c9dfb0f415"`` in the first example, ``"ea8a4d4eb1840d0bec6284658a8ef064"``
in the second example) is a json-encoded request ID.
The response body (``"118e35f631be802c41bec5c9dfb0f415"`` in the very first example) is a json-encoded request ID.

The request ID is unique to the combination of ``url`` and ``headers``.
The request ID is unique to the combination of ``url``, ``headers`` and ``parameters``.

Store the request ID in *your* application. The request ID is sent with the requested resource to the given
``callback`` URL. Use the request ID to map the response you receive to the request that you made.
Expand Down
21 changes: 19 additions & 2 deletions src/Controller/RequestController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,10 @@ public function requestAction(Request $request): Response
return new Response('', 400);
}

$parameters = $this->createParametersFromRequest($requestData->get('parameters'));
$headers = $this->createHeadersFromRequest($requestData->get('headers'));
$requestIdentifier = new RequestIdentifier($url, $headers);

$requestIdentifier = new RequestIdentifier($url, array_merge($headers->toArray(), $parameters));
$requestHash = $requestIdentifier->getHash();

$logCallbackResponse = $requestData->has('log-callback-response')
Expand All @@ -101,7 +103,7 @@ public function requestAction(Request $request): Response
(new SuccessResponse($requestHash))->jsonSerialize()
));
} else {
$this->messageBus->dispatch(new RetrieveResource($requestHash, $url, $headers));
$this->messageBus->dispatch(new RetrieveResource($requestHash, $url, $headers, $parameters));
}

return new JsonResponse((string) $requestIdentifier, 200);
Expand All @@ -121,4 +123,19 @@ private function createHeadersFromRequest($requestHeaders): Headers

return new Headers($headerValues);
}

private function createParametersFromRequest($requestParameters): array
{
$parameters = [];

if (is_string($requestParameters)) {
$parameters = json_decode($requestParameters, true);

if (!is_array($parameters)) {
$parameters = [];
}
}

return $parameters;
}
}
22 changes: 20 additions & 2 deletions src/Message/RetrieveResource.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

namespace App\Message;

use App\Model\RequestParameters;
use webignition\HttpHeaders\Headers;

class RetrieveResource implements \JsonSerializable
Expand All @@ -21,18 +22,29 @@ class RetrieveResource implements \JsonSerializable
*/
private $headers = [];

/**
* @var array
*/
private $parameters = [];

/**
* @var int
*/
private $retryCount = 0;

public function __construct(string $requestHash, string $url, ?Headers $headers = null, ?int $retryCount = 0)
{
public function __construct(
string $requestHash,
string $url,
Headers $headers,
array $parameters,
?int $retryCount = 0
) {
$headers = $headers ?? new Headers();

$this->requestHash = $requestHash;
$this->url = $url;
$this->headers = $headers->toArray();
$this->parameters = $parameters;
$this->retryCount = $retryCount ?? 0;
}

Expand All @@ -51,6 +63,11 @@ public function getHeaders(): Headers
return new Headers($this->headers);
}

public function getParameters(): RequestParameters
{
return new RequestParameters($this->parameters);
}

public function incrementRetryCount()
{
$this->retryCount++;
Expand All @@ -67,6 +84,7 @@ public function jsonSerialize(): array
'requestHash' => $this->requestHash,
'url' => $this->url,
'headers' => $this->headers,
'parameters' => $this->parameters,
'retryCount' => $this->retryCount,
];
}
Expand Down
3 changes: 2 additions & 1 deletion src/MessageHandler/RetrieveResourceHandler.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,8 @@ public function __invoke(RetrieveResource $retrieveResourceMessage)
try {
$requestResponse = $this->resourceRetriever->retrieve(
$retrieveResourceMessage->getUrl(),
$retrieveResourceMessage->getHeaders()
$retrieveResourceMessage->getHeaders(),
$retrieveResourceMessage->getParameters()
);

$httpResponse = $requestResponse->getResponse();
Expand Down
25 changes: 25 additions & 0 deletions src/Model/CookieParameters.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
<?php

namespace App\Model;

class CookieParameters
{
private $domain;
private $path;

public function __construct(string $domain, string $path)
{
$this->domain = $domain;
$this->path = $path;
}

public function getDomain(): string
{
return $this->domain;
}

public function getPath(): string
{
return $this->path;
}
}
10 changes: 4 additions & 6 deletions src/Model/RequestIdentifier.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,6 @@

namespace App\Model;

use webignition\HttpHeaders\Headers;

class RequestIdentifier
{
/**
Expand All @@ -14,18 +12,18 @@ class RequestIdentifier
/**
* @var array
*/
private $headers = [];
private $parameters = [];

/**
* @var string
*/
private $hash = '';

public function __construct(string $url, Headers $headers)
public function __construct(string $url, array $parameters)
{
$this->url = $url;
$this->headers = $headers;
$this->hash = md5($this->url . $this->headers->createHash());
$this->parameters = $parameters;
$this->hash = md5($this->url . json_encode($parameters));
}

public function getHash(): string
Expand Down

0 comments on commit 16c931f

Please sign in to comment.