Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pass custom request headers when following redirects #91

Merged
merged 3 commits into from
Feb 9, 2018

Conversation

seregazhuk
Copy link
Contributor

This PR fixes #88

@clue
Copy link
Owner

clue commented Jan 23, 2018

Thank you for this PR, I would love to get this feature in! 👍

However, there are a number of HTTP request headers that probably should not be forwarded, for example request/request@210b326#diff-ccc0734f65dd7a299409ff07d35be095R1255. Did you have a chance to look into this?

@seregazhuk
Copy link
Contributor Author

@clue done!

I've moved redirect request creation logic into a separate method, so onResponseRedirect() handler still stays clear.
For each use case from your suggestion I've added its own test. Maybe it looks too verbose, but you can be sure that this logic is covered.

Looking forward to your feedback 😎

Copy link
Owner

@clue clue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the very quick update! The changes LGTM for the most part, but I've added a minor remark below 👍

->withoutHeader('Content-Type')
->withoutHeader('Content-Length');

if($location->getHost() !== $originalHost) {
Copy link
Owner

@clue clue Jan 23, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's my understanding this should probably verify the whole authority, no? (For example when redirecting from https:// to http:// (not sure about the other way around) or using another port etc.)

Also, this block could use a small comment (why), plus minor CS fix 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We remove authorization only on changing hostname (not if just changing ports or protocols). I've added a description comment and fixed CS.

@seregazhuk
Copy link
Contributor Author

seregazhuk commented Jan 25, 2018

I've added some comments explaining the logic, and fixed CS issue 😎

->withoutHeader('Content-Length');

// Remove authorization if changing hostnames (but not if just changing ports or protocols).
if ($location->getHost() !== $originalHost) {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my above comment, do you have a specific use case in mind where it makes sense to keep this if the URI components change, but the host stays the same? It's still my understanding that this should check the URI authority instead, but perhaps I'm missing a relevant use case?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually my assumptions about this behavior are based on other implementations:

It looks like request and composer only check for host difference. Or I'm missing some-thing?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for looking this up, no objections in this case 👍

@clue clue changed the title Fix custom request headers when following redirect Pass custom request headers when following redirects Feb 9, 2018
@clue clue added this to the v2.3.0 milestone Feb 9, 2018
@clue clue merged commit f56a136 into clue:master Feb 9, 2018
clue added a commit to clue-labs/reactphp-buzz that referenced this pull request Feb 9, 2018
clue added a commit to clue-labs/reactphp-buzz that referenced this pull request Feb 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Custom headers not re-used when following redirect
2 participants