@@ -55,7 +55,7 @@ final class CurlHttpClient implements HttpClientInterface, LoggerAwareInterface
5555 *
5656 * @see HttpClientInterface::OPTIONS_DEFAULTS for available options
5757 */
58- public function __construct (array $ defaultOptionsint $ maxHostConnections6 , int $ maxPendingPushes50 )
58+ public function __construct (array $ defaultOptionsint $ maxHostConnections6 , int $ maxPendingPushes0 )
5959 {
6060 if (!\extension_loaded ('curl ' )) {
6161 throw new \LogicException ('You cannot use the "Symfony\Component\HttpClient\CurlHttpClient" as the "curl" extension is not installed. ' );
@@ -105,35 +105,30 @@ public function request(string $method, string $url, array $options = []): Respo
105105 $ hostparse_url ($ authorityPHP_URL_HOST );
106106 $ urlimplode ('' , $ url
107107
108+ if (!isset ($ options'normalized_headers ' ]['user-agent ' ])) {
109+ $ options'normalized_headers ' ]['user-agent ' ][] = 'Symfony HttpClient/Curl ' ;
110+ $ options'headers ' ][] = 'User-Agent: Symfony HttpClient/Curl ' ;
111+ }
112+
108113 if ($ pushedResponse$ this multi ->pushedResponses [$ urlnull ) {
109114 unset($ this multi ->pushedResponses [$ url
110- // Accept pushed responses only if their headers related to authentication match the request
111- $ expectedHeaders'authorization ' , 'cookie ' , 'x-requested-with ' , 'range ' ];
112- foreach ($ expectedHeadersas $ k$ v
113- $ expectedHeaders$ knull ;
114-
115- foreach ($ options'normalized_headers ' ][$ vas $ h
116- $ expectedHeaders$ ksubstr ($ h2 + \strlen ($ v
117- }
118- }
119115
120- if (' GET ' === $ method && $ expectedHeaders === $ pushedResponse-> headers && ! $ options [ ' body ' ] ) {
121- $ this logger && $ this logger ->debug (sprintf ('Connecting request to pushed response: "%s %s" , $ method$ url
116+ if (self :: acceptPushForRequest ( $ method, $ options , $ pushedResponse) ) {
117+ $ this logger && $ this logger ->debug (sprintf ('Accepting pushed response: "%s %s" , $ method$ url
122118
123119 // Reinitialize the pushed response with request's options
124120 $ pushedResponseresponse ->__construct ($ this multi , $ url$ options$ this logger );
125121
126122 return $ pushedResponseresponse ;
127123 }
128124
129- $ this logger && $ this logger ->debug (sprintf ('Rejecting pushed response for "%s": authorization headers don \' t match the request ' , $ url
125+ $ this logger && $ this logger ->debug (sprintf ('Rejecting pushed response: "%s". ' , $ url
130126 }
131127
132128 $ this logger && $ this logger ->info (sprintf ('Request: "%s %s" ' , $ method$ url
133129
134130 $ curlopts
135131 CURLOPT_URL => $ url
136- CURLOPT_USERAGENT => 'Symfony HttpClient/Curl ' ,
137132 CURLOPT_TCP_NODELAY => true ,
138133 CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS ,
139134 CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS ,
@@ -306,7 +301,7 @@ public function __destruct()
306301 $ active0 ;
307302 while (CURLM_CALL_MULTI_PERFORM === curl_multi_exec ($ this multi ->handle , $ active
308303
309- foreach ($ this multi ->openHandles as $ ch
304+ foreach ($ this multi ->openHandles as [ $ ch] ) {
310305 curl_setopt ($ chCURLOPT_VERBOSE , false );
311306 }
312307 }
@@ -318,17 +313,17 @@ private static function handlePush($parent, $pushed, array $requestHeaders, Curl
318313
319314 foreach ($ requestHeadersas $ h
320315 if (false !== $ istrpos ($ h': ' , 1 )) {
321- $ headerssubstr ($ h0 , $ isubstr ($ h1 + $ i
316+ $ headerssubstr ($ h0 , $ i[] = substr ($ h1 + $ i
322317 }
323318 }
324319
325- if (!isset ($ headers':method ' ]) || !isset ($ headers':scheme ' ]) || !isset ($ headers':authority ' ]) || !isset ($ headers':path ' ]) || ' GET ' !== $ headers [ ' :method ' ] || isset ( $ headers [ ' range ' ]) ) {
320+ if (!isset ($ headers':method ' ]) || !isset ($ headers':scheme ' ]) || !isset ($ headers':authority ' ]) || !isset ($ headers':path ' ])) {
326321 $ logger$ loggerdebug (sprintf ('Rejecting pushed response from "%s": pushed headers are invalid ' , $ origin
327322
328323 return CURL_PUSH_DENY ;
329324 }
330325
331- $ url$ headers':scheme ' ].':// ' .$ headers':authority ' ];
326+ $ url$ headers':scheme ' ][ 0 ] .':// ' .$ headers':authority ' ][ 0 ];
332327
333328 if ($ maxPendingPushes\count ($ multipushedResponses )) {
334329 $ logger$ loggerdebug (sprintf ('Rejecting pushed response from "%s" for "%s": the queue is full ' , $ origin$ url
@@ -345,22 +340,38 @@ private static function handlePush($parent, $pushed, array $requestHeaders, Curl
345340 return CURL_PUSH_DENY ;
346341 }
347342
348- $ url$ headers':path ' ];
343+ $ url$ headers':path ' ][ 0 ] ;
349344 $ logger$ loggerdebug (sprintf ('Queueing pushed response: "%s" ' , $ url
350345
351- $ multipushedResponses [$ urlnew PushedResponse (
352- new CurlResponse ($ multi$ pushed
353- [
354- $ headers'authorization ' ] ?? null ,
355- $ headers'cookie ' ] ?? null ,
356- $ headers'x-requested-with ' ] ?? null ,
357- null ,
358- ]
359- );
346+ $ multipushedResponses [$ urlnew PushedResponse (new CurlResponse ($ multi$ pushed$ headers$ multiopenHandles [(int ) $ parent1 ] ?? []);
360347
361348 return CURL_PUSH_OK ;
362349 }
363350
351+ /**
352+ * Accepts pushed responses only if their headers related to authentication match the request.
353+ */
354+ private static function acceptPushForRequest (string $ methodarray $ optionsPushedResponse $ pushedResponsebool
355+ {
356+ if ($ options'body ' ] || $ method$ pushedResponserequestHeaders [':method ' ][0 ]) {
357+ return false ;
358+ }
359+
360+ foreach (['proxy ' , 'no_proxy ' , 'bindto ' ] as $ k
361+ if ($ options$ k$ pushedResponseparentOptions [$ k
362+ return false ;
363+ }
364+ }
365+
366+ foreach (['authorization ' , 'cookie ' , 'range ' , 'proxy-authorization ' ] as $ k
367+ if (($ pushedResponserequestHeaders [$ knull ) !== ($ options'normalized_headers ' ][$ knull )) {
368+ return false ;
369+ }
370+ }
371+
372+ return true ;
373+ }
374+
364375 /**
365376 * Wraps the request's body callback to allow it to return strings longer than curl requested.
366377 */
0 commit comments