* 4.3:
[Validator] fix deprecation layer of ValidatorBuilder
[HttpKernel] Fix missing use for request and response classes
bumped Symfony version to 4.3.2
updated VERSION for 4.3.1
updated CHANGELOG for 4.3.1
* 4.3:
[HttpKernel] fix link to source generation
[Doctrine Bridge] Check field type before adding Length constraint
[FrameworkBundle] fix BC-breaking property in WebTestAssertionsTrait
[Cache] Pass arg to get callback everywhere
Fix DoctrineBridge upgrade 5.0
[FramworkBundle][HttpKernel] fix KernelBrowser BC layer
Add a missing quote in getValue() DocBlock
[Messenger] Add runtime check for ext redis version
[HttpFoundation] Fixed case-sensitive handling of cache-control header in RedirectResponse constructor.
minor: ChoiceType callable deprecation after/before seems wrong
* 4.3:
[Cache] Fixed undefined variable in ArrayTrait
[HttpClient] revert bad logic around JSON_THROW_ON_ERROR
[HttpKernel] Fix handling non-catchable fatal errors
Fix json-encoding when JSON_THROW_ON_ERROR is used
[HttpFoundation] work around PHP 7.3 bug related to json_encode()
[HttpClient] add $response->cancel()
[Security] added support for updated "distinguished name" format in x509 authentication
* 4.2:
[HttpKernel] Fix handling non-catchable fatal errors
Fix json-encoding when JSON_THROW_ON_ERROR is used
[HttpFoundation] work around PHP 7.3 bug related to json_encode()
[Security] added support for updated "distinguished name" format in x509 authentication
* 4.3:
[Translation] Fixed case sensitivity of lint:xliff command
fix type hint for salt in PasswordEncoderInterface
Simplify code - catch \Throwable capture all exceptions
Collect locale details earlier in the process in TranslationDataCollector
fix typo in PR #31802
update italian validator translation
Add missing translations
[TwigBridge] suggest Translation Component when TranslationExtension is used
* 4.2:
[Translation] Fixed case sensitivity of lint:xliff command
fix type hint for salt in PasswordEncoderInterface
Simplify code - catch \Throwable capture all exceptions
fix typo in PR #31802
update italian validator translation
Add missing translations
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Make DebugHandlersListener internal
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Required to remove the legacy `Event` argument type declaration from its `configure()` method in 5.0.
Unlocks #31689
Commits
-------
1a8db293c6 [HttpKernel] Make DebugHandlersListener internal
* 4.3:
[HttpClient] make $response->getInfo('debug') return extended logs about the HTTP transaction
fix typo
Fixes a small doc blocks syntax error
Small grammar mistake in documentation
[Messenger] Use real memory usage for --memory-limit
[Workflow] Do not trigger extra guard
* 4.2:
fix typo
Fixes a small doc blocks syntax error
Small grammar mistake in documentation
[Messenger] Use real memory usage for --memory-limit
[Workflow] Do not trigger extra guard
This PR was merged into the 3.4 branch.
Discussion
----------
FragmentListener - fix typo in annotation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Just a small typo I've found in fragment listener :)
Commits
-------
b6ff836a49 fix typo
* 4.3:
[github] Implement the new security policy.
[Finder] fix wrong method call casing
Make tempfile path unique
minor: fix phpdocs in the ldap component
[Process] Fix infinite waiting for stopped process
Use absolute URL for when the profiler's domain differs from the controller's domain which initialises the profiler.
fix phpdoc
[DI] fix using bindings with locators of service subscribers
* 4.2:
[github] Implement the new security policy.
[Finder] fix wrong method call casing
Make tempfile path unique
minor: fix phpdocs in the ldap component
[Process] Fix infinite waiting for stopped process
Use absolute URL for when the profiler's domain differs from the controller's domain which initialises the profiler.
fix phpdoc
[DI] fix using bindings with locators of service subscribers
* 3.4:
[github] Implement the new security policy.
[Finder] fix wrong method call casing
Make tempfile path unique
minor: fix phpdocs in the ldap component
[Process] Fix infinite waiting for stopped process
Use absolute URL for when the profiler's domain differs from the controller's domain which initialises the profiler.
fix phpdoc
[DI] fix using bindings with locators of service subscribers
The temp-file that the test currently creates is `/tmp/log`.
This may exist on many platforms already (including `platform.sh` app containers).
With the proposed patch, the collision will be less likely.
Sponsored-by: Platform.sh
* 4.2:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper] fix tests with ICU 64.1
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
Fix get session when the request stack is empty
[Routing] fix trailing slash redirection with non-greedy trailing vars
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[HttpKernel] Fix get session when the request stack is empty
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
This bug happens behind an exception on a kernel response event, when one collector (e.g. `RequestDataCollector`) is trying to get the request session and the request stack is currently empty.
**Reproducer**
https://github.com/yceruto/get-session-bug (`GET /`)
See logs on terminal:
```bash
Apr 15 20:29:03 |ERROR| PHP 2019-04-15T20:29:03-04:00 Call to a member function isSecure() on null
Apr 15 20:29:03 |ERROR| PHP PHP Fatal error: Uncaught Symfony\Component\Debug\Exception\FatalThrowableError: Call to a member function isSecure() on null in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php:43
Apr 15 20:29:03 |DEBUG| PHP Stack trace:
Apr 15 20:29:03 |DEBUG| PHP #0 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/AbstractSessionListener.php(59): Symfony\Component\HttpKernel\EventListener\SessionListener->getSession()
Apr 15 20:29:03 |DEBUG| PHP #1 /home/yceruto/demos/getsession/vendor/symfony/http-foundation/Request.php(707): Symfony\Component\HttpKernel\EventListener\AbstractSessionListener->Symfony\Component\HttpKernel\EventListener\{closure}()
Apr 15 20:29:03 |DEBUG| PHP #2 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/DataCollector/RequestDataCollector.php(65): Symfony\Component\HttpFoundation\Request->getSession()
Apr 15 20:29:03 |DEBUG| PHP #3 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/Profiler/Profiler.php(167): Symfony\Component\HttpKernel\DataCollector\RequestDataCollector->collect(Object(Symfony\Component\HttpFoundation\Request), Object(Symfony\Component\HttpFoundation\Respo in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php on line 43
```
Friendly ping @nicolas-grekas as author of the previous PR https://github.com/symfony/symfony/pull/28244
Commits
-------
d62ca37ab6 Fix get session when the request stack is empty
* 4.2:
Catch empty deprecation.log silently (fixes #31050)
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
* 3.4:
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
* 4.2:
fixed bad merge
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
[Serializer] Add default object class resolver
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
[VarExporter] support PHP7.4 __serialize & __unserialize
Rework firewall access denied rule
MetadataAwareNameConverter: Do not assume that property names are strings
[VarExporter] fix exporting classes with private constructors
fixed CS
Fix missing $extraDirs when open_basedir returns
* 3.4:
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
Rework firewall access denied rule
fixed CS
Fix missing $extraDirs when open_basedir returns
* use legacy group when using the deprecated `hinclude_default_template`
templating config option
* conflict with DependencyInjection 4.2 in the HttpKernel component to
be able to rely on five values being retrieved from the values of the
`BoundArgument` class
* let the TwigBundle conflict with versions of FrameworkBundle that do
not ship the `url_helper` service
This PR was squashed before being merged into the 4.3-dev branch (closes #30964).
Discussion
----------
[HttpKernel] Add a "short" trace header format, make header configurable
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#11340
This pull request adds the first usage of `array_key_first` to the Symfony code base. Additionally, it makes it possible to configure the `HttpCache` to also add a "trace" header in production.
The `HttpCache` is a convenient, low-barrier yet performant way of accelerating the application. By having the "trace" information returned as a header in production as well, you can write it to server log files. For example, with Apache you can use `%{X-Symfony-Cache}o` in the `LogFormat` directive to log response headers.
With the information in the log files, you can easily process it from logfile processing/system metrics tools to find out about cache performance, efficiency and the URLs that might need extra cache tweaking.
The "short" format will only output information for the main request to avoid leaking internal URLs for ESI subrequests. I also chose a concise format like `stale/valid/store` because that's much easier to parse out of logfiles (no whitespace, no need for quotes etc.).
If you're not comfortable with having `Symfony` in the header name that way, the header name can be changed through a configuration setting as well.
#FOSSHackathon
Commits
-------
9a2fcc9392 [HttpKernel] Add a "short" trace header format, make header configurable
This PR was squashed before being merged into the 4.3-dev branch (closes #30906).
Discussion
----------
[symfony/HttpKernel] Throws an error when the generated class name is invalid.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30845
| License | MIT
Commits
-------
c976866566 [symfony/HttpKernel] Throws an error when the generated class name is invalid.
* 4.2: (45 commits)
[Form] various minor fixes
Ensure the parent process is always killed
bugfix: the terminal state was wrong and not reseted
[Console] Fix inconsistent result for choice questions in non-interactive mode
Define null return type for Constraint::getDefaultOption()
[Routing] Fix: annotation loader ignores method's default values
[HttpKernel] Fix DebugHandlersListener constructor docblock
Skip Glob brace test when GLOB_BRACE is unavailable
bumped Symfony version to 4.2.6
updated VERSION for 4.2.5
updated CHANGELOG for 4.2.5
bumped Symfony version to 3.4.25
updated VERSION for 3.4.24
update CONTRIBUTORS for 3.4.24
updated CHANGELOG for 3.4.24
[EventDispatcher] cleanup
fix testIgnoredAttributesInContext
Re-generate icu 64.1 data
Improve PHPdoc / IDE autocomplete for config tree builder
[Bridge][Twig] DebugCommand - fix escaping and filter
...
* 3.4:
[Form] various minor fixes
bugfix: the terminal state was wrong and not reseted
[Console] Fix inconsistent result for choice questions in non-interactive mode
Define null return type for Constraint::getDefaultOption()
[HttpKernel] Fix DebugHandlersListener constructor docblock
Skip Glob brace test when GLOB_BRACE is unavailable
bumped Symfony version to 3.4.25
updated VERSION for 3.4.24
update CONTRIBUTORS for 3.4.24
updated CHANGELOG for 3.4.24
[EventDispatcher] cleanup
This PR was squashed before being merged into the 4.3-dev branch (closes #30569).
Discussion
----------
[FrameworkBundle][HttpKernel] Provide intuitive error message when a controller fails because it's not registered as a service
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27787, symfony/symfony-docs#7988
| License | MIT
| Doc PR | none
Create a very late controller argument value resolver to throw an intuitive error message when controller fails because it is not registered as a service.
Commits
-------
fbfc623b72 [FrameworkBundle][HttpKernel] Provide intuitive error message when a controller fails because it's not registered as a service
This PR was merged into the 4.3-dev branch.
Discussion
----------
[HttpClient] added CachingHttpClient
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The proposed `CachingHttpClient` uses `HttpCache` from the HttpKernel component to provide an HTTP-compliant cache.
If this is accepted, it could replace the corresponding part in #30602
Commits
-------
dae5686722 [HttpClient] added CachingHttpClient
This PR was merged into the 4.3-dev branch.
Discussion
----------
Allow user to set the project dir
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Currently, the project directory is defined by the location of the composer.json file.
That file is not required in production, which therefore [breaks the method getProjectDir](https://github.com/symfony/symfony/issues/23950) (which sends back null).
The offered solution, while working, requires the developer to implement it, and uses inheritance override, while a more aesthetic solution could be used.
This does not fix the behaviour, but allows the developer to pass the project dir as a parameter.
While this solution does not include BC break or anything, it is important to notice that it includes
**an optional parameter**.
[Object instantiation in the framework bundle recipe](https://github.com/symfony/recipes/blob/master/symfony/framework-bundle/4.2/public/index.php#L23) could be updated as follows (in another PR):
```php
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
```
```php
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG'], dirname(__DIR__));
```
Commits
-------
c40017d63c Allow user to set the project dir
Currently, the project directory is defined by the location of the composer.json file.
That file is not required in production, which therefore breaks the method getProjectDir (which sends back null).
This does not fix the behaviour, but allows the developer to pass the project dir as a parameter.
This PR was merged into the 4.3-dev branch.
Discussion
----------
[EventDispatcher] swap arguments of dispatch() to allow registering events by FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
PR green and ready. From UPGRADE files:
EventDispatcher
---------------
* The signature of the `EventDispatcherInterface::dispatch()` method should be updated to `dispatch($event, string $eventName = null)`, not doing so is deprecated
HttpKernel
----------
* Renamed `FilterControllerArgumentsEvent` to `ControllerArgumentsEvent`
* Renamed `FilterControllerEvent` to `ControllerEvent`
* Renamed `FilterResponseEvent` to `ResponseEvent`
* Renamed `GetResponseEvent` to `RequestEvent`
* Renamed `GetResponseForControllerResultEvent` to `ViewEvent`
* Renamed `GetResponseForExceptionEvent` to `ExceptionEvent`
* Renamed `PostResponseEvent` to `TerminateEvent`
Security
---------
* The `ListenerInterface` is deprecated, turn your listeners into callables instead.
* The `Firewall::handleRequest()` method is deprecated, use `Firewall::callListeners()` instead.
Commits
-------
75369dabb8 [EventDispatcher] swap arguments of dispatch() to allow registering events by FQCN
This PR was merged into the 4.3-dev branch.
Discussion
----------
[BrowserKit] Rename Client to Browser
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
`Client` is very generic and used in 3 places: BrowserKit, HttpKernel, and FrameworkBundle. Each Client extends another one. So, to make things clearer, I'd like to rename Client to Browser like this:
Symfony\Component\BrowserKit\Client -> AbstractBrowser
Symfony\Component\HttpKernel\Client -> HttpKernelBrowser
Symfony\Bundle\FrameworkBundle\Client -> KernelBrowser
The next PR will introduce an `HttpBrowser` based on the new HttpClient component :)
Commits
-------
dbe4f8605b renamed Client to Browser
* 4.2: (27 commits)
cs fix
cs fix
[PHPUnit-Bridge] override some environment variables
[TwigBridge] Remove use spaceless tag
Upgrade zookeeper ext
[translation] Update defaut format from yml to yaml
Change default log level for output streams
update docblock to match the actual behavior
Don't resolve the Deprecation error handler mode until a deprecation is triggered
compatibility with phpunit8
Make 'headers' key optional for encoded messages
[Debug][DebugClassLoader] Detect annotations before blank docblock lines on final and internal methods
Fix undefined variable fromConstructor when passing context to getTypes
Added translations for chineese language.
Allow 3rd argument to be null
Remove whitespace (tab on blank line)
[Monolog] Really reset logger when calling logger::reset()
[Form] Fixes debug:form appears many times as type extensions configured with new getExtendedTypes method
Update src/Symfony/Component/PropertyInfo/Tests/Extractor/ReflectionExtractorTest.php
Update src/Symfony/Component/PropertyInfo/Tests/Extractor/ReflectionExtractorTest.php
...
* 3.4:
cs fix
cs fix
[PHPUnit-Bridge] override some environment variables
[TwigBridge] Remove use spaceless tag
[translation] Update defaut format from yml to yaml
Change default log level for output streams
update docblock to match the actual behavior
compatibility with phpunit8
[Debug][DebugClassLoader] Detect annotations before blank docblock lines on final and internal methods
Added translations for chineese language.
* 4.2:
Removed non-existing parameters for LogoutUrlGenerator calls
[WebProfilerBundle] toolbar: invisible route name in Firefox
Drop spurious execution bit
[HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
[Validator] Add the missing translations for the Latvian ("lv") locale
Fixed the DebugClassLoader compatibility with eval()'d code on Darwin
[Validator] Update Serbian translation file
* 3.4:
Removed non-existing parameters for LogoutUrlGenerator calls
[HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
[Validator] Add the missing translations for the Latvian ("lv") locale
Fixed the DebugClassLoader compatibility with eval()'d code on Darwin
[Validator] Update Serbian translation file
This PR was squashed before being merged into the 3.4 branch (closes #26532).
Discussion
----------
[HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26245, #26352, #28872
| License | MIT
| Doc PR | -
This PR is a first draft to fix the incorrect merging of private and other cache-related headers that are not meant for the shared cache but the browser (see mentioned issues).
The existing implementation of `HttpFoundation\Response` is very much tailored to the `HttpCache`, for example `isCacheable` returns `false` if the response is `private`, which is not true for a browser cache. That is why my implementation no longer uses much of the response methods. They are however still used by the `HttpCache` and we should keep them as-is. FYI, the `ResponseCacheStrategy` does **not** affect the stored data of `HttpCache` but is only applied to the result of multiple merged subrequests/ESI responses.
I did read up a lot on RFC2616 as a reference. [Section 13.4](https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.4) gives an overall view of when a response MAY be cached. [Section 14.9.1](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1) has more insight into the `Cache-Control` directives.
Here's a summary of the relevant information I applied to the implementation:
- > Unless specifically constrained by a cache-control (section 14.9) directive, a caching system MAY always store a successful response (see section 13.8) as a cache entry, MAY return it without validation if it is fresh, and MAY return it after successful validation.
A response without cache control headers is totally fine, and it's up to the cache (shared or private) to decide what to do with it. That is why the implementation no longer sets `no-cache` if no `Cache-Control` headers are present.
- > A response received with a status code of 200, 203, 206, 300, 301 or 410 MAY be stored […] unless a cache-control directive prohibits caching.
> A response received with any other status code (e.g. status codes 302 and 307) MUST NOT be returned […] unless there are cache-control directives or another header(s) that explicitly allow it.
This is what `ResponseCacheStrategy::isUncacheable` implements to decide whether a response is not cacheable at all. It differs from `Response::isCacheable` which only returns true if there are actual `Cache-Control` headers.
- > [Section 13.2.3](https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.2.3): When a response is generated from a cache entry, the cache MUST include a single Age header field in the response with a value equal to the cache entry's current_age.
That's why the implementation **always** adds the `Age` header. It takes the oldest age of any of the responses as common denominator for the content.
- > [Section 14.9.3](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.3): If a response includes an s-maxage directive, then for a shared cache (but not for a private cache), the maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header.
This effectively means that `max-age`, `s-maxage` and `Expires` must all be kept on the response. My implementation assumes that we can only do that if they exist in **all** of the responses, and then takes the lowest value of any of them. Be aware the implementation might look confusing at first. Due to the fact that the `Age` header might come from another subresponse than the lowest expiration value, the values are stored relative to the current response date and then re-calculated based on the age header.
The Symfony implementation did not and still does not implement the full RFC. As an example, some of the `Cache-Control` headers (like `private` and `no-cache`) MAY actually have a string value, but the implementation only supports boolean. Also, [Custom `Cache-Control` headers](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.6) are currently not merged into the final response.
**ToDo/Questions:**
1. [Section 13.5.2](https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.2) specifies that we must add a [`Warning 214 Transformation applied`](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.46) if we modify the response headers.
2. Should we add an `Expires` header based on `max-age` if none is explicitly set in the responses? This would essentially provide the same information as `max-age` but with support for HTTP/1.0 proxies/clients.
3. I'm not sure about the implemented handling of the `private` directive. The directive is currently only added to the final response if it is present in all of the subresponses. This can effectively result in no cache-control directive, which does not tell a shared cache that the response must not be cached. However, adding a `private` might also tell a browser to actually cache it, even though none of the other responses asked for that.
4. > [Section 14.9.2](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2): The purpose of the `no-store` directive is to prevent the inadvertent release or retention of sensitive information […]. The `no-store` directive applies to the entire message, and MAY be sent either in a response or in a request. If sent in a request, a cache MUST NOT store any part of either this request or any response to it. If sent in a response, a cache MUST NOT store any part of either this response or the request that elicited it.
I have not (yet) validated whether the `HttpCache` implementation respects any of this.
5. As far as I understand, the current implementation of [`ResponseHeaderBag::computeCacheControlValue`](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php#L313) is incorrect. `no-cache` means a response [must not be cached by a shared or private cache](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1), which overrides `private` automatically.
6. The unit tests are still very limited and I want to add plenty more to test and sort-of describe the implementation or assumptions on the RFC.
/cc @nicolas-grekas
#SymfonyConHackday2018
Commits
-------
893118f978 [HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
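The merging rules this PR describes (oldest `Age`, `max-age`/`s-maxage` kept only when every subresponse has them, `private` only when all are private), as a simplified standalone model. This is an added example, not code from the PR or from Symfony: the array shape, the function names, the `cacheable` flag and the treatment of `public` as an explicit allowance are assumptions, and `Expires` is left out.

```php
<?php
declare(strict_types=1);

// Status codes the RFC 2616 passage quoted in the PR lists as storable by default.
const STORABLE_BY_DEFAULT = [200, 203, 206, 300, 301, 410];

/**
 * Hypothetical stand-in for the "not cacheable at all" check described in the PR.
 * $r = ['status' => int, 'age' => int, 'cache_control' => [directive => value]]
 */
function isUncacheable(array $r): bool
{
    $cc = $r['cache_control'];
    if (isset($cc['no-store']) || isset($cc['no-cache'])) {
        return true; // a directive prohibits caching
    }
    if (in_array($r['status'], STORABLE_BY_DEFAULT, true)) {
        return false; // MAY be stored even without any Cache-Control header
    }
    // Any other status needs a directive that explicitly allows caching
    // (assumption of this sketch: max-age, s-maxage or public count as such).
    return !isset($cc['max-age']) && !isset($cc['s-maxage']) && !isset($cc['public']);
}

/** Merge the cache headers of a main response and its ESI subresponses. */
function mergeCacheHeaders(array $responses): array
{
    $age = 0;
    $cacheable = true;
    $allPrivate = [] !== $responses;
    // null = not seen yet, false = missing from at least one response
    $remaining = ['max-age' => null, 's-maxage' => null];

    foreach ($responses as $r) {
        $cc = $r['cache_control'];
        $age = max($age, $r['age']); // the oldest Age describes the merged content
        $cacheable = $cacheable && !isUncacheable($r);
        $allPrivate = $allPrivate && isset($cc['private']);

        foreach (array_keys($remaining) as $directive) {
            if (!isset($cc[$directive])) {
                $remaining[$directive] = false; // not present everywhere: drop it
            } elseif (false !== $remaining[$directive]) {
                // Keep the lifetime relative to "now", because the final Age and
                // the lowest expiration may come from different subresponses.
                $left = $cc[$directive] - $r['age'];
                $remaining[$directive] = null === $remaining[$directive]
                    ? $left
                    : min($remaining[$directive], $left);
            }
        }
    }

    $merged = ['cacheable' => $cacheable, 'Age' => $age, 'Cache-Control' => []];
    if (!$cacheable) {
        // Which directive the final response then carries is not stated in the
        // PR text, so this sketch only reports the flag.
        return $merged;
    }
    foreach ($remaining as $directive => $left) {
        if (is_int($left)) {
            // Re-base the shortest remaining lifetime on the merged Age.
            $merged['Cache-Control'][$directive] = $left + $age;
        }
    }
    if ($allPrivate) {
        $merged['Cache-Control']['private'] = true;
    }

    return $merged;
}

// Constructed sample: a main response and two ESI fragments.
$page = [
    ['status' => 200, 'age' => 0,   'cache_control' => ['public' => true, 'max-age' => 600]],
    ['status' => 200, 'age' => 120, 'cache_control' => ['max-age' => 300, 's-maxage' => 900]],
    ['status' => 200, 'age' => 0,   'cache_control' => ['private' => true, 'max-age' => 60]],
];
echo json_encode(mergeCacheHeaders($page), JSON_PRETTY_PRINT), PHP_EOL;

// Constructed sample: one fragment is a 302 with no directive allowing caching.
$withRedirect = array_merge($page, [
    ['status' => 302, 'age' => 0, 'cache_control' => []],
]);
echo json_encode(mergeCacheHeaders($withRedirect), JSON_PRETTY_PRINT), PHP_EOL;
```

In the first sample the private fragment does not make the merged response `private`, because the directive is not present in all subresponses; this is the case the PR's third ToDo item raises, and it is worth checking on pages that embed per-user fragments.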
* 4.2: (26 commits)
Apply php-cs-fixer rule for array_key_exists()
[Cache] fix warming up cache.system and apcu
[Security] Change FormAuthenticator if condition
handles multi-byte characters in autocomplete
speed up tests running them without debug flag
[Translations] added missing Croatian validators
Fix getItems() performance issue with RedisCluster (php-redis)
[VarDumper] Keep a ref to objects to ensure their handle cannot be reused while cloning
IntegerType: reject submitted non-integer numbers
be keen to newcomers
[HttpKernel] Fix possible infinite loop of exceptions
fixed CS
[Validator] Added missing translations for Afrikaans
do not validate non-submitted form fields in PATCH requests
Update usage example in ArrayInput doc block.
[Console] Prevent ArgvInput::getFirstArgument() from returning an option value
[Validator] Fixed duplicate UUID
fixed CS
[EventDispatcher] Fix unknown priority
Avoid mutating the Finder when building the iterator
...
* 3.4: (24 commits)
Apply php-cs-fixer rule for array_key_exists()
[Security] Change FormAuthenticator if condition
handles multi-byte characters in autocomplete
speed up tests running them without debug flag
[Translations] added missing Croatian validators
Fix getItems() performance issue with RedisCluster (php-redis)
[VarDumper] Keep a ref to objects to ensure their handle cannot be reused while cloning
IntegerType: reject submitted non-integer numbers
be keen to newcomers
[HttpKernel] Fix possible infinite loop of exceptions
fixed CS
[Validator] Added missing translations for Afrikaans
do not validate non-submitted form fields in PATCH requests
Update usage example in ArrayInput doc block.
[Console] Prevent ArgvInput::getFirstArgument() from returning an option value
[Validator] Fixed duplicate UUID
fixed CS
[EventDispatcher] Fix unknown priority
Avoid mutating the Finder when building the iterator
[Validator] Add the missing translations for the Greek (el) locale
...
This PR was squashed before being merged into the 4.3-dev branch (closes #28919).
Discussion
----------
[DX][WebProfilerBundle] Add Pretty Print functionality for Request Content
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a ?
## Why?
Quite often when attempting to debug issues with JSON requests sent to a Symfony API, I use the Web Profiler to check the request content. More often than not the request content isn't easily readable (99% of the time it's all stuck on a single line and impossible to read). I always find myself copying + pasting the content into a random online tool to have it "pretty-print" the JSON.
Usually this isn't an issue, but can be annoying when offline. There's also the security issue of sending entire JSON payloads to a third-party server just for formatting 😳. Alternatively, maybe developers copy+paste into their chosen editors and this PR is all a waste of time — I hope not 😛.
## How?
This PR adds "Pretty-Print" JSON functionality straight into the profiler.
We can use `collector.requestheaders` to detect if the request was JSON and conditionally show the Pretty Print button.
When the button is clicked, we format the JSON from the "Request Content" card.
## What does it look like?
Before:
![without-pretty-print](https://user-images.githubusercontent.com/573318/47180751-36b0ce00-d319-11e8-86ed-eb0d78ebcbe3.png)
After:
![pretty](https://user-images.githubusercontent.com/573318/47180763-3c0e1880-d319-11e8-995d-eba565aad827.png)
Non-JSON Requests (unchanged):
![non-json-request](https://user-images.githubusercontent.com/573318/47181080-03227380-d31a-11e8-8cf2-e8b2e8c1a21d.png)
## Things to consider
- Is `JSON.stringify(JSON.parse(content));` the safest, most efficient way to do this?
- Should the "Pretty Print" button be in-line next to the "Request Content" header? I couldn't find a pattern for this sort of thing elsewhere in the profiler.
- Do people want JSON formatted with 4 spaces, would 2 spaces be preferred? Should this be a configuration option stored in localStorage (such as the light/dark theme configuration)?
- Should this be a toggle? E.g. click to pretty print, then click to undo
## Future Improvements
Depending on how this is received it could be extended to support formatting different request content-types (e.g. XML formatting) — I assume.
## Progress
- [x] Gather feedback and decide where to perform the pretty-print: [server-side, or client-side](https://github.com/symfony/symfony/pull/28919#issuecomment-431508361).
*It was decided server-side would be better.*
Commits
-------
9f85103151 [DX][WebProfilerBundle] Add Pretty Print functionality for Request Content
* 4.2:
New extensions were released supporting PHP 7.3
Remove "internal" annotation from datacollector serialization methods
replace mocks with real objects in tests
[DependencyInjection] fix #29930 add $lazyLoad flag to the generated factory code for lazy non-shared services
escape function does not always take a string
Fix phpunit 8 compatibility
render integer types with grouping as text input
ignore _method forms in NativeRequestHandler
don't lose int precision with not needed type casts
* 3.4:
Remove "internal" annotation from datacollector serialization methods
replace mocks with real objects in tests
Fix phpunit 8 compatibility
render integer types with grouping as text input
ignore _method forms in NativeRequestHandler
don't lose int precision with not needed type casts
* 4.2:
Add missing `@internal` annotations
Disable Twig in the profiler menu when Twig is not used
Mark some/most implementations of Serializable as `@internal`
[Config] ensure moving away from Serializable wont break cache:clear
[VarDumper] dont implement Serializable in Stub
[Config] fix compat with wrapping autoloaders
[Messenger] fixed RabbitMQ arguments not passed as integer values
* 3.4:
Add missing `@internal` annotations
Disable Twig in the profiler menu when Twig is not used
Mark some/most implementations of Serializable as `@internal`
[Config] ensure moving away from Serializable wont break cache:clear
[VarDumper] dont implement Serializable in Stub
[Config] fix compat with wrapping autoloaders