1

I want to have properly implemented header parsing in my app. However, for example, let's have headers such as:

HTTP/1.1 200 OK
...
Foo: Bar
Foo: Baz

In this case, using getallheaders() returns only Foo => Bar and Baz value is dropped. Is there any other way to get all header values?

Improve this question
2
  • 1
    It sounds like this is dependent upon the SAPI that it is running under: bugs.php.net/bug.php?id=78844 Commented Feb 12, 2021 at 13:35
  • Fair enough. Make it as an answer, please. I'll approve it. Commented Feb 12, 2021 at 14:19

1 Answer 1

Reset to default
3

According to this bug report, this appears to be dependent upon which SAPI you are using for PHP. The basic question/statement was:

If I make request:

GET / HTTP/1.1
Forwarded: for=10.0.0.1,for=20.30.40.50;host=php.net,host=awesome.proxy.com;proto=https,proto=http
Forwarded: for=10.30.20.10;host=second.awesome.proxy.com;proto=http

I get 3 different responses based on SAPI

  • FPM only keeps last header
  • php -s only keeps first header
  • apache concatenates them with ,

And the response to the ticket was:

The ability to get headers is highly dependent on the SAPI. Apache's works nicely, but php -s is just a quick development server that is not going to be suitable for all purposes.

So really, the issue here is that php-fpm doesn't properly handle multiple headers. The HTTP spec requires that multiple headers only be allowed when their values can be combined into comma-separated lists, which means $_SERVER and getallheaders() are still sufficient.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.