Merge pull request #5249 from kenjis/remove-curl-headers-sharing

Fix: remove CURLRequest headers sharing from $_SERVER

Author: kenjis

app/Config/CURLRequest.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace Config;
+
+use CodeIgniter\Config\BaseConfig;
+
+class CURLRequest extends BaseConfig
+{
+    /**
+     * --------------------------------------------------------------------------
+     * CURLRequest Share Options
+     * --------------------------------------------------------------------------
+     *
+     * Whether share options between requests or not.
+     *
+     * If true, all the options won't be reset between requests.
+     * It may cause an error request with unnecessary headers.
+     *
+     * @var bool
+     */
+    public $shareOptions = true;
+}

env

@@ -124,3 +124,9 @@
 #--------------------------------------------------------------------
 
 # logger.threshold = 4
+
+#--------------------------------------------------------------------
+# CURLRequest
+#--------------------------------------------------------------------
+
+# curlrequest.shareOptions = true

system/HTTP/CURLRequest.php

@@ -13,6 +13,7 @@
 
 use CodeIgniter\HTTP\Exceptions\HTTPException;
 use Config\App;
+use Config\CURLRequest as ConfigCURLRequest;
 use InvalidArgumentException;
 
 /**
@@ -42,7 +43,14 @@ class CURLRequest extends Request
      *
      * @var array
      */
-    protected $config = [
+    protected $config;
+
+    /**
+     * The default setting values
+     *
+     * @var array
+     */
+    protected $defaultConfig = [
         'timeout'         => 0.0,
         'connect_timeout' => 150,
         'debug'           => false,
@@ -72,6 +80,23 @@ class CURLRequest extends Request
      */
     protected $delay = 0.0;
 
+    /**
+     * The default options from the constructor. Applied to all requests.
+     *
+     * @var array
+     */
+    private $defaultOptions;
+
+    /**
+     * Whether share options between requests or not.
+     *
+     * If true, all the options won't be reset between requests.
+     * It may cause an error request with unnecessary headers.
+     *
+     * @var bool
+     */
+    private $shareOptions;
+
     /**
      * Takes an array of options to set the following possible class properties:
      *
@@ -92,9 +117,15 @@ public function __construct(App $config, URI $uri, ?ResponseInterface $response
 
         parent::__construct($config);
 
-        $this->response = $response;
-        $this->baseURI  = $uri->useRawQueryString();
+        $this->response       = $response;
+        $this->baseURI        = $uri->useRawQueryString();
+        $this->defaultOptions = $options;
+
+        /** @var ConfigCURLRequest|null $configCURLRequest */
+        $configCURLRequest  = config('CURLRequest');
+        $this->shareOptions = $configCURLRequest->shareOptions ?? true;
 
+        $this->config = $this->defaultConfig;
         $this->parseOptions($options);
     }
 
@@ -114,9 +145,29 @@ public function request($method, string $url, array $options = []): ResponseInte
 
         $this->send($method, $url);
 
+        if ($this->shareOptions === false) {
+            $this->resetOptions();
+        }
+
         return $this->response;
     }
 
+    /**
+     * Reset all options to default.
+     */
+    protected function resetOptions()
+    {
+        // Reset headers
+        $this->headers   = [];
+        $this->headerMap = [];
+
+        // Reset configs
+        $this->config = $this->defaultConfig;
+
+        // Set the default options for next request
+        $this->parseOptions($this->defaultOptions);
+    }
+
     /**
      * Convenience method for sending a GET request.
      */
@@ -350,27 +401,17 @@ public function send(string $method, string $url)
     }
 
     /**
-     * Takes all headers current part of this request and adds them
-     * to the cURL request.
+     * Adds $this->headers to the cURL request.
      */
     protected function applyRequestHeaders(array $curlOptions = []): array
     {
         if (empty($this->headers)) {
-            $this->populateHeaders();
-            // Otherwise, it will corrupt the request
-            $this->removeHeader('Host');
-            $this->removeHeader('Accept-Encoding');
-        }
-
-        $headers = $this->headers();
-
-        if (empty($headers)) {
             return $curlOptions;
         }
 
         $set = [];
 
-        foreach (array_keys($headers) as $name) {
+        foreach (array_keys($this->headers) as $name) {
             $set[] = $name . ': ' . $this->getHeaderLine($name);
         }