Don't add Accept-Range header on unsafe HTTP requests
This commit is contained in:
parent
cb79d91059
commit
24a287f492
@ -169,7 +169,11 @@ class BinaryFileResponse extends Response
|
||||
public function prepare(Request $request)
|
||||
{
|
||||
$this->headers->set('Content-Length', $this->file->getSize());
|
||||
$this->headers->set('Accept-Ranges', 'bytes');
|
||||
|
||||
if (!$this->headers->has('Accept-Ranges')) {
|
||||
// Only accept ranges on safe HTTP methods
|
||||
$this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
|
||||
}
|
||||
|
||||
if (!$this->headers->has('Content-Type')) {
|
||||
$this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream');
|
||||
|
@ -200,6 +200,25 @@ class BinaryFileResponseTest extends ResponseTestCase
|
||||
$this->assertEquals(realpath($response->getFile()->getPathname()), realpath($filePath));
|
||||
}
|
||||
|
||||
public function testAcceptRangeOnUnsafeMethods()
|
||||
{
|
||||
$request = Request::create('/', 'POST');
|
||||
$response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
|
||||
$response->prepare($request);
|
||||
|
||||
$this->assertEquals('none', $response->headers->get('Accept-Ranges'));
|
||||
}
|
||||
|
||||
public function testAcceptRangeNotOverriden()
|
||||
{
|
||||
$request = Request::create('/', 'POST');
|
||||
$response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
|
||||
$response->headers->set('Accept-Ranges', 'foo');
|
||||
$response->prepare($request);
|
||||
|
||||
$this->assertEquals('foo', $response->headers->get('Accept-Ranges'));
|
||||
}
|
||||
|
||||
public function getSampleXAccelMappings()
|
||||
{
|
||||
return array(
|
||||
|
Reference in New Issue
Block a user