
Commit 24a287f

jaytaphfabpot
authored andcommitted
Don't add Accept-Range header on unsafe HTTP requests
1 parent cb79d91 commit 24a287f

2 files changed

+24
-1
lines changed

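--- a/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
+++ b/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
@@ -169,7 +169,11 @@ public function setContentDisposition($disposition, $filename = '', $filenameFal
 public function prepare(Request $request)
 {
 $this->headers->set('Content-Length', $this->file->getSize());
-$this->headers->set('Accept-Ranges', 'bytes');
+
+if (!$this->headers->has('Accept-Ranges')) {
+// Only accept ranges on safe HTTP methods
+$this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
+}
 
 if (!$this->headers->has('Content-Type')) {
 $this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream');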
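Review bot: The new guard in prepare() changes only what the Accept-Ranges response header advertises; whether a `Range` request header is actually honoured on an unsafe method is decided later in prepare(), outside this hunk. If that range branch is not gated on the same condition, a POST carrying `Range` could still get a partial response while the header says `none`, so I would confirm it also checks `$request->isMethodSafe()`. Because of the `has('Accept-Ranges')` check, a value set by the caller is kept even on an unsafe request. The comment should say so, for example `// Only advertise byte ranges on safe HTTP methods; a caller-set Accept-Ranges is left untouched`.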

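--- a/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
@@ -200,6 +200,25 @@ public function testSplFileObject()
 $this->assertEquals(realpath($response->getFile()->getPathname()), realpath($filePath));
 }
 
+public function testAcceptRangeOnUnsafeMethods()
+{
+$request = Request::create('/', 'POST');
+$response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
+$response->prepare($request);
+
+$this->assertEquals('none', $response->headers->get('Accept-Ranges'));
+}
+
+public function testAcceptRangeNotOverriden()
+{
+$request = Request::create('/', 'POST');
+$response = BinaryFileResponse::create(__DIR__.'/File/Fixtures/test.gif');
+$response->headers->set('Accept-Ranges', 'foo');
+$response->prepare($request);
+
+$this->assertEquals('foo', $response->headers->get('Accept-Ranges'));
+}
+
 public function getSampleXAccelMappings()
 {
 return array(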
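Review bot: Both new tests issue a POST and assert only the advertised header value, so nothing in this section pins the safe-method branch (`'bytes'` for a GET) or how a `Range` request header is handled on an unsafe method. I would add a case that calls `$request->headers->set('Range', 'bytes=0-10');` on the POST request and checks `$this->assertEquals(200, $response->getStatusCode());`, so the header and the behaviour cannot drift apart. If prepare() still serves ranges there, that test will show it. `assertSame` would be the stricter check for these string comparisons, and `testAcceptRangeNotOverriden` is misspelled (Overridden).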
