bug #13200 Don't add Accept-Range header on unsafe HTTP requests (jaytaph)
This PR was submitted for the 2.7 branch but it was merged into the 2.3 branch instead (closes #13200).
Discussion
----------
Don't add Accept-Range header on unsafe HTTP requests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12556
| License | MIT
| Doc PR | N/A
Commits
-------
24a287f
Don't add Accept-Range header on unsafe HTTP requests
commit
6116d335ae
@ -169,7 +169,11 @@ class BinaryFileResponse extends Response
|
|||||||
public function prepare(Request $request)
|
public function prepare(Request $request)
|
||||||
{
|
{
|
||||||
$this->headers->set('Content-Length', $this->file->getSize());
|
$this->headers->set('Content-Length', $this->file->getSize());
|
||||||
$this->headers->set('Accept-Ranges', 'bytes');
|
|
||||||
|
if (!$this->headers->has('Accept-Ranges')) {
|
||||||
|
// Only accept ranges on safe HTTP methods
|
||||||
|
$this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
|
||||||
|
}
|
||||||
|
|
||||||
if (!$this->headers->has('Content-Type')) {
|
if (!$this->headers->has('Content-Type')) {
|
||||||
$this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream');
|
$this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream');
|
||||||
|
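Review bot: The new `Accept-Ranges` branch in `prepare()` only changes what the response advertises; nothing in this hunk stops a `Range` request header from being honoured on an unsafe method, or when the caller has pre-set `Accept-Ranges` to something other than `bytes`. `prepare()` continues past the end of the hunk, so if the range handling lives there it should be tied to the value decided here, for example `if ('bytes' === $this->headers->get('Accept-Ranges') && $request->headers->has('Range')) {`. Otherwise a POST could still get a partial response while the header says `none`. RFC 7233 defines `Range` for GET only, and the comment could say so: `// Advertise byte ranges only on safe methods; Range is not defined for the others`.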
@ -200,6 +200,25 @@ class BinaryFileResponseTest extends ResponseTestCase
|
|||||||
$this->assertEquals(realpath($response->getFile()->getPathname()), realpath($filePath));
|
$this->assertEquals(realpath($response->getFile()->getPathname()), realpath($filePath));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testAcceptRangeOnUnsafeMethods()
|
||||||
|
{
|
||||||
|
$request = Request::create('/', 'POST');
|
||||||
|
$response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
|
||||||
|
$response->prepare($request);
|
||||||
|
|
||||||
|
$this->assertEquals('none', $response->headers->get('Accept-Ranges'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testAcceptRangeNotOverriden()
|
||||||
|
{
|
||||||
|
$request = Request::create('/', 'POST');
|
||||||
|
$response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
|
||||||
|
$response->headers->set('Accept-Ranges', 'foo');
|
||||||
|
$response->prepare($request);
|
||||||
|
|
||||||
|
$this->assertEquals('foo', $response->headers->get('Accept-Ranges'));
|
||||||
|
}
|
||||||
|
|
||||||
public function getSampleXAccelMappings()
|
public function getSampleXAccelMappings()
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
|
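Review bot: Both new tests use POST, so neither pins the safe-method side of the ternary (`'bytes'`) nor checks that a `Range` header sent with an unsafe method is actually ignored. I would add a GET case and a POST-with-`Range` case, sketched below. The second may fail if the range handling outside this diff is not gated on the method, which is the behaviour worth pinning. `testAcceptRangeNotOverriden` is also misspelled (`Overridden`).

```php
// … placed after testAcceptRangeNotOverriden() …
public function testAcceptRangeOnSafeMethods()
{
    $request = Request::create('/', 'GET');
    $response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
    $response->prepare($request);

    $this->assertEquals('bytes', $response->headers->get('Accept-Ranges'));
}

public function testRangeIgnoredOnUnsafeMethods()
{
    $request = Request::create('/', 'POST');
    // constructed sample range
    $request->headers->set('Range', 'bytes=0-9');
    $response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
    $response->prepare($request);

    $this->assertEquals(200, $response->getStatusCode());
    $this->assertEquals('none', $response->headers->get('Accept-Ranges'));
}
```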