This PR was merged into the 4.3-dev branch.
Discussion
----------
[HttpClient] added CachingHttpClient
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The proposed `CachingHttpClient` uses `HttpCache` from the HttpKernel component to provide an HTTP-compliant cache.
If this is accepted, it could replace the corresponding part in #30602
Commits
-------
dae5686722 [HttpClient] added CachingHttpClient
This PR was merged into the 4.3-dev branch.
Discussion
----------
Allow user to set the project dir
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | <!-- symfony/symfony-docs#... required for new features -->
Currently, the project directory is defined by the location of the composer.json file.
That file is not required in production, which therefore [breaks the method getProjectDir](https://github.com/symfony/symfony/issues/23950) (who sends back null).
The offered solution, while working, requires the developer to implement it, and uses inheritance override, while a more aesthetic solution could be used.
This does not fix the behaviour, but allows the developer to pass the project dir as a parameter.
While this solution does not include BC break or anything, it is important to notice that it includes
**an optional parameter**.
[Object instantiation in the framework bundle recipe](https://github.com/symfony/recipes/blob/master/symfony/framework-bundle/4.2/public/index.php#L23) could be updated as follow (in another PR):
```php
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG']);
```
```php
$kernel = new Kernel($_SERVER['APP_ENV'], (bool) $_SERVER['APP_DEBUG'], dirname(__DIR__));
```
Commits
-------
c40017d63c Allow user to set the project dir
Currently, the project directory is defined by the location of the composer.json file.
That file is not required in production, which therefore breaks the method getProjectDir (who sends back null).
This does not fix the behaviour, but allows the developer to pass the project dir as a parameter.
This PR was merged into the 4.3-dev branch.
Discussion
----------
[EventDispatcher] swap arguments of dispatch() to allow registering events by FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
PR green and ready. From UPGRADE files:
EventDispatcher
---------------
* The signature of the `EventDispatcherInterface::dispatch()` method should be updated to `dispatch($event, string $eventName = null)`, not doing so is deprecated
HttpKernel
----------
* Renamed `FilterControllerArgumentsEvent` to `ControllerArgumentsEvent`
* Renamed `FilterControllerEvent` to `ControllerEvent`
* Renamed `FilterResponseEvent` to `ResponseEvent`
* Renamed `GetResponseEvent` to `RequestEvent`
* Renamed `GetResponseForControllerResultEvent` to `ViewEvent`
* Renamed `GetResponseForExceptionEvent` to `ExceptionEvent`
* Renamed `PostResponseEvent` to `TerminateEvent`
Security
---------
* The `ListenerInterface` is deprecated, turn your listeners into callables instead.
* The `Firewall::handleRequest()` method is deprecated, use `Firewall::callListeners()` instead.
Commits
-------
75369dabb8 [EventDispatcher] swap arguments of dispatch() to allow registering events by FQCN
This PR was merged into the 4.3-dev branch.
Discussion
----------
[BrowserKit] Rename Client to Browser
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | yes
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
`Client` is very generic and used in 3 places: BrowserKit, HttpKernel, and FramewrokBundle. Each Client extends another one. So, to make things clearer, I'd like to rename Client to Browser like this:
Symfony\Component\BrowerKit\Client -> AbstractBrowser
Symfony\Component\HttpKernel\Client -> HttpKernelBrowser
Symfony\Bundle\FrameworkBundle\Client -> KernelBrowser
The next PR will introduce an `HttpBrowser` based on the new HttpClient component :)
Commits
-------
dbe4f8605b renamed Client to Browser
* 4.2: (27 commits)
cs fix
cs fix
[PHPUnit-Bridge] override some environment variables
[TwigBridge] Remove use spaceless tag
Upgrade zookeeper ext
[translation] Update defaut format from yml to yaml
Change default log level for output streams
update docblock to match the actual behavior
Don't resolve the Deprecation error handler mode until a deprecation is triggered
compatibility with phpunit8
Make 'headers' key optional for encoded messages
[Debug][DebugClassLoader] Detect annotations before blank docblock lines on final and internal methods
Fix undefined variable fromConstructor when passing context to getTypes
Added translations for chineese language.
Allow 3rd argument to be null
Remove whitespace (tab on blank line)
[Monolog] Really reset logger when calling logger::reset()
[Form] Fixes debug:form appears many times as type extensions configured with new getExtendedTypes method
Update src/Symfony/Component/PropertyInfo/Tests/Extractor/ReflectionExtractorTest.php
Update src/Symfony/Component/PropertyInfo/Tests/Extractor/ReflectionExtractorTest.php
...
* 3.4:
cs fix
cs fix
[PHPUnit-Bridge] override some environment variables
[TwigBridge] Remove use spaceless tag
[translation] Update defaut format from yml to yaml
Change default log level for output streams
update docblock to match the actual behavior
compatibility with phpunit8
[Debug][DebugClassLoader] Detect annotations before blank docblock lines on final and internal methods
Added translations for chineese language.
* 4.2:
Removed non-existing parameters for LogoutUrlGenerator calls
[WebProfilerBundle] toolbar: invisible route name in Firefox
Drop spurious execution bit
[HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
[Validator] Add the missing translations for the Latvian ("lv") locale
Fixed the DebugClassLoader compatibility with eval()'d code on Darwin
[Validator] Update Serbian translation file
* 3.4:
Removed non-existing parameters for LogoutUrlGenerator calls
[HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
[Validator] Add the missing translations for the Latvian ("lv") locale
Fixed the DebugClassLoader compatibility with eval()'d code on Darwin
[Validator] Update Serbian translation file
This PR was squashed before being merged into the 3.4 branch (closes#26532).
Discussion
----------
[HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26245, #26352, #28872
| License | MIT
| Doc PR | -
This PR is a first draft to fix the incorrect merging of private and other cache-related headers that are not meant for the shared cache but the browser (see mentioned issues).
The existing implementation of `HttpFoundation\Response` is very much tailored to the `HttpCache`, for example `isCacheable` returns `false` if the response is `private`, which is not true for a browser cache. That is why my implementation does not longer use much of the response methods. They are however still used by the `HttpCache` and we should keep them as-is. FYI, the `ResponseCacheStrategy` does **not** affect the stored data of `HttpCache` but is only applied to the result of multiple merged subrequests/ESI responses.
I did read up a lot on RFC2616 as a reference. [Section 13.4](https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.4) gives an overall view of when a response MAY be cached. [Section 14.9.1](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1) has more insight into the `Cache-Control` directives.
Here's a summary of the relevant information I applied to the implementation:
- > Unless specifically constrained by a cache-control (section 14.9) directive, a caching system MAY always store a successful response (see section 13.8) as a cache entry, MAY return it without validation if it is fresh, and MAY return it after successful validation.
A response without cache control headers is totally fine, and it's up to the cache (shared or private) to decide what to do with it. That is why the implementation does not longer set `no-cache` if no `Cache-Control` headers are present.
- > A response received with a status code of 200, 203, 206, 300, 301 or 410 MAY be stored […] unless a cache-control directive prohibits caching.
> A response received with any other status code (e.g. status codes 302 and 307) MUST NOT be returned […] unless there are cache-control directives or another header(s) that explicitly allow it.
This is what `ResponseCacheStrategy::isUncacheable` implements to decide whether a response is not cacheable at all. It differs from `Response::isCacheable` which only returns true if there are actual `Cache-Control` headers.
- > [Section 13.2.3](https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.2.3): When a response is generated from a cache entry, the cache MUST include a single Age header field in the response with a value equal to the cache entry's current_age.
That's why the implementation **always** adds the `Age` header. It takes the oldest age of any of the responses as common denominator for the content.
- > [Section 14.9.3](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.3): If a response includes an s-maxage directive, then for a shared cache (but not for a private cache), the maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header.
This effectively means that `max-age`, `s-maxage` and `Expires` must all be kept on the response. My implementation assumes that we can only do that if they exist in **all** of the responses, and then takes the lowest value of any of them. Be aware the implementation might look confusing at first. Due to the fact that the `Age` header might come from another subresponse than the lowest expiration value, the values are stored relative to the current response date and then re-calculated based on the age header.
The Symfony implementation did not and still does not implement the full RFC. As an example, some of the `Cache-Control` headers (like `private` and `no-cache`) MAY actually have a string value, but the implementation only supports boolean. Also, [Custom `Cache-Control` headers](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.6) are currently not merged into the final response.
**ToDo/Questions:**
1. [Section 13.5.2](https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.2) specifies that we must add a [`Warning 214 Transformation applied`](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.46) if we modify the response headers.
2. Should we add an `Expires` headers based on `max-age` if none is explicitly set in the responses? This would essentially provide the same information as `max-age` but with support for HTTP/1.0 proxies/clients.
3. I'm not sure about the implemented handling of the `private` directive. The directive is currently only added to the final response if it is present in all of the subresponses. This can effectively result in no cache-control directive, which does not tell a shared cache that the response must not be cached. However, adding a `private` might also tell a browser to actually cache it, even though non of the other responses asked for that.
4. > [Section 14.9.2](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.2): The purpose of the `no-store` directive is to prevent the inadvertent release or retention of sensitive information […]. The `no-store` directive applies to the entire message, and MAY be sent either in a response or in a request. If sent in a request, a cache MUST NOT store any part of either this request or any response to it. If sent in a response, a cache MUST NOT store any part of either this response or the request that elicited it.
I have not (yet) validated whether the `HttpCache` implementation respects any of this.
5. As far as I understand, the current implementation of [`ResponseHeaderBag::computeCacheControlValue`](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/ResponseHeaderBag.php#L313) is incorrect. `no-cache` means a response [must not be cached by a shared or private cache](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1), which overrides `private` automatically.
5. The unit tests are still very limited and I want to add plenty more to test and sort-of describe the implementation or assumptions on the RFC.
/cc @nicolas-grekas
#SymfonyConHackday2018
Commits
-------
893118f978 [HttpKernel] Correctly merging cache directives in HttpCache/ResponseCacheStrategy
* 4.2: (26 commits)
Apply php-cs-fixer rule for array_key_exists()
[Cache] fix warming up cache.system and apcu
[Security] Change FormAuthenticator if condition
handles multi-byte characters in autocomplete
speed up tests running them without debug flag
[Translations] added missing Croatian validators
Fix getItems() performance issue with RedisCluster (php-redis)
[VarDumper] Keep a ref to objects to ensure their handle cannot be reused while cloning
IntegerType: reject submitted non-integer numbers
be keen to newcomers
[HttpKernel] Fix possible infinite loop of exceptions
fixed CS
[Validator] Added missing translations for Afrikaans
do not validate non-submitted form fields in PATCH requests
Update usage example in ArrayInput doc block.
[Console] Prevent ArgvInput::getFirstArgument() from returning an option value
[Validator] Fixed duplicate UUID
fixed CS
[EventDispatcher] Fix unknown priority
Avoid mutating the Finder when building the iterator
...
* 3.4: (24 commits)
Apply php-cs-fixer rule for array_key_exists()
[Security] Change FormAuthenticator if condition
handles multi-byte characters in autocomplete
speed up tests running them without debug flag
[Translations] added missing Croatian validators
Fix getItems() performance issue with RedisCluster (php-redis)
[VarDumper] Keep a ref to objects to ensure their handle cannot be reused while cloning
IntegerType: reject submitted non-integer numbers
be keen to newcomers
[HttpKernel] Fix possible infinite loop of exceptions
fixed CS
[Validator] Added missing translations for Afrikaans
do not validate non-submitted form fields in PATCH requests
Update usage example in ArrayInput doc block.
[Console] Prevent ArgvInput::getFirstArgument() from returning an option value
[Validator] Fixed duplicate UUID
fixed CS
[EventDispatcher] Fix unknown priority
Avoid mutating the Finder when building the iterator
[Validator] Add the missing translations for the Greek (el) locale
...
This PR was squashed before being merged into the 4.3-dev branch (closes#28919).
Discussion
----------
[DX][WebProfilerBundle] Add Pretty Print functionality for Request Content
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a ?
## Why?
Quite often when attempting to debug issues with JSON requests sent to a Symfony API, I use the Web Profiler to check the request content. More often than not the request content isn't easily readable (99% of the time it's all stuck on a single line and impossible to read). I always find myself copying + pasting the content into a random online tool to have it "pretty-print" the JSON.
Usually this isn't an issue, but can be annoying when offline. There's also the security issue of sending entire JSON payloads to a third-party server just for formatting 😳. Alternatively, maybe developers copy+paste into their chosen editors and this PR is all a waste of time — I hope not 😛.
## How?
This PR adds "Pretty-Print" JSON functionality straight into the profiler.
We can use `collector.requestheaders` to detect if the request was JSON and conditionally show the Pretty Print button.
When the button is clicked, we format the JSON from the "Request Content" card.
## What does it look like?
Before:
After:
Non-JSON Requests (unchanged):
## Things to consider
- Is `JSON.stringify(JSON.parse(content));` the safest, most efficient way to do this?
- Should the "Pretty Print" button be in-line next to the "Request Content" header? I couldn't find a pattern for this sort of thing elsewhere in the profiler.
- Do people want JSON formatted with 4 spaces, would 2 spaces be preferred? Should this be a configuration option stored in localStorage (such as the light/dark theme configuration)?
- Should this be a toggle? E.g. click to pretty print, then click to undo
## Future Improvements
Depending on how this is received it could be extended to support formatting different request content-types (e.g. XML formatting) — I assume.
## Progress
- [x] Gather feedback and decide where to perform the pretty-print: [server-side, or client-side](https://github.com/symfony/symfony/pull/28919#issuecomment-431508361).
*It was decided server-side would be better.*
Commits
-------
9f85103151 [DX][WebProfilerBundle] Add Pretty Print functionality for Request Content
* 4.2:
New extensions were released supporting PHP 7.3
Remove "internal" annotation from datacollector serialization methods
replace mocks with real objects in tests
[DependencyInjection] fix#29930 add $lazyLoad flag to the generated factory code for lazy non-shared services
escape function does not always take a string
Fix phpunit 8 compatibility
render integer types with grouping as text input
ignore _method forms in NativeRequestHandler
don't lose int precision with not needed type casts
* 3.4:
Remove "internal" annotation from datacollector serialization methods
replace mocks with real objects in tests
Fix phpunit 8 compatibility
render integer types with grouping as text input
ignore _method forms in NativeRequestHandler
don't lose int precision with not needed type casts
* 4.2:
Add missing `@internal` annotations
Disable Twig in the profiler menu when Twig is not used
Mark some/most implementations of Serializable as `@internal`
[Config] ensure moving away from Serializable wont break cache:clear
[VarDumper] dont implement Serializable in Stub
[Config] fix compat with wrapping autoloaders
[Messenger] fixed RabbitMQ arguments not passed as integer values
* 3.4:
Add missing `@internal` annotations
Disable Twig in the profiler menu when Twig is not used
Mark some/most implementations of Serializable as `@internal`
[Config] ensure moving away from Serializable wont break cache:clear
[VarDumper] dont implement Serializable in Stub
[Config] fix compat with wrapping autoloaders
