ScotWatson
New Member
- Messages
- 22
- Reaction score
- 0
- Points
- 1
It is possible for an HTTP request to have multiple headers of the same field-name, but PHP only reveals headers through $_SERVER['HTTP_*'] values and getallheaders(), neither of which can return multiple values for the same field-name. I tested sending multiple authorization headers. The results show the behavior is different depending on casing, even though servers should not have different behavior based on casing. Should I send a bug report for this? How should I write PHP code to reliably handle multiple request readers?
Request (1):
GET /test HTTP/1.1
host: sw-testing.x10.mx
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
accept-encoding: identity
Authorization: A
authorization: B
getallheaders() (1):
array (
'Host' => 'sw-testing.x10.mx',
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
'Accept-Language' => 'en-US,en;q=0.9',
'Accept-Encoding' => 'identity',
'Authorization' => 'A',
'authorization' => 'B',
)
$_SERVER['HTTP_*'] (1):
array (
'HTTP_ACCEPT_ENCODING' => 'identity',
'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.9',
'HTTP_AUTHORIZATION' => 'B',
'HTTP_HOST' => 'sw-testing.x10.mx',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
)
Request (2):
GET /test HTTP/1.1
host: sw-testing.x10.mx
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
accept-encoding: identity
authorization: A
Authorization: B
getallheaders() (2):
array (
'Host' => 'sw-testing.x10.mx',
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
'Accept-Language' => 'en-US,en;q=0.9',
'Accept-Encoding' => 'identity',
'Authorization' => 'B',
)
$_SERVER['HTTP_*'] (2):
array (
'HTTP_ACCEPT_ENCODING' => 'identity',
'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.9',
'HTTP_AUTHORIZATION' => 'B',
'HTTP_HOST' => 'sw-testing.x10.mx',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
)
Request (1):
GET /test HTTP/1.1
host: sw-testing.x10.mx
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
accept-encoding: identity
Authorization: A
authorization: B
getallheaders() (1):
array (
'Host' => 'sw-testing.x10.mx',
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
'Accept-Language' => 'en-US,en;q=0.9',
'Accept-Encoding' => 'identity',
'Authorization' => 'A',
'authorization' => 'B',
)
$_SERVER['HTTP_*'] (1):
array (
'HTTP_ACCEPT_ENCODING' => 'identity',
'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.9',
'HTTP_AUTHORIZATION' => 'B',
'HTTP_HOST' => 'sw-testing.x10.mx',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
)
Request (2):
GET /test HTTP/1.1
host: sw-testing.x10.mx
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9
accept-encoding: identity
authorization: A
Authorization: B
getallheaders() (2):
array (
'Host' => 'sw-testing.x10.mx',
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
'Accept-Language' => 'en-US,en;q=0.9',
'Accept-Encoding' => 'identity',
'Authorization' => 'B',
)
$_SERVER['HTTP_*'] (2):
array (
'HTTP_ACCEPT_ENCODING' => 'identity',
'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.9',
'HTTP_AUTHORIZATION' => 'B',
'HTTP_HOST' => 'sw-testing.x10.mx',
'HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36',
)