You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 30, 2020. It is now read-only.
Setting the "Content-Length" header to 0, will return an empty header line Content-Length: in the response.
This might break CORS preflight requests processed by load-balancers (e.g. on fortrabbit).
Problem is located in the \Zend\Http\Header\ContentLength constructor, that does not sets the $value property if 0 is passed.
Issue can be fixed in \Zend\Http\Header\ContentLength either:
changing the constructor behavior (accepting 0 or '0' as value):
from if ($value) { to if ($value !== null) {
Note: all other classes in the Zend\Http\Header namespace have the same similar (buggy?) constructor (except GenericHeader).
Hi
Setting the
"Content-Length"
header to0
, will return an empty header lineContent-Length:
in the response.This might break CORS preflight requests processed by load-balancers (e.g. on fortrabbit).
Problem is located in the
\Zend\Http\Header\ContentLength
constructor, that does not sets the$value
property if0
is passed.Issue can be fixed in
\Zend\Http\Header\ContentLength
either:changing the constructor behavior (accepting
0
or'0'
as value):from
if ($value) {
toif ($value !== null) {
Note: all other classes in the Zend\Http\Header namespace have the same similar (buggy?) constructor (except GenericHeader).
changing the
getFieldValue
method to:As soon as fixed I recommend to change the requirement of "zfr/zfr-cors" to the newest version of "zendframework/zend-http"
Kind regards,
Curzio
The text was updated successfully, but these errors were encountered: