Psr18Client ignore invalid HTTP headers

nuryagdym · nuryagdym · commit 095274039721 · 2022-09-04T19:31:03.000+02:00
diff --git a/Psr18Client.php b/Psr18Client.php
@@ -100,7 +100,11 @@ public function sendRequest(RequestInterface $request): ResponseInterface
 
             foreach ($response->getHeaders(false) as $name => $values) {
                 foreach ($values as $value) {
-                    $psrResponse = $psrResponse->withAddedHeader($name, $value);
+                    try {
+                        $psrResponse = $psrResponse->withAddedHeader($name, $value);
+                    } catch (\InvalidArgumentException $e) {
+                        // ignore invalid header
+                    }
                 }
             }
 
diff --git a/Tests/Psr18ClientTest.php b/Tests/Psr18ClientTest.php
@@ -13,10 +13,12 @@
 
 use Nyholm\Psr7\Factory\Psr17Factory;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpClient\MockHttpClient;
 use Symfony\Component\HttpClient\NativeHttpClient;
 use Symfony\Component\HttpClient\Psr18Client;
 use Symfony\Component\HttpClient\Psr18NetworkException;
 use Symfony\Component\HttpClient\Psr18RequestException;
+use Symfony\Component\HttpClient\Response\MockResponse;
 use Symfony\Contracts\HttpClient\Test\TestHttpServer;
 
 class Psr18ClientTest extends TestCase
@@ -81,4 +83,22 @@ public function test404()
         $response = $client->sendRequest($factory->createRequest('GET', 'http://localhost:8057/404'));
         $this->assertSame(404, $response->getStatusCode());
     }
+
+    public function testInvalidHeaderResponse()
+    {
+        $responseHeaders = [
+            // space in header name not allowed in RFC 7230
+            ' X-XSS-Protection' => '0',
+            'Cache-Control' => 'no-cache',
+        ];
+        $response = new MockResponse('body', ['response_headers' => $responseHeaders]);
+        $this->assertArrayHasKey(' x-xss-protection', $response->getHeaders());
+
+        $client = new Psr18Client(new MockHttpClient($response));
+        $request = $client->createRequest('POST', 'http://localhost:8057/post')
+            ->withBody($client->createStream('foo=0123456789'));
+
+        $resultResponse = $client->sendRequest($request);
+        $this->assertCount(1, $resultResponse->getHeaders());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,11 @@ public function sendRequest(RequestInterface $request): ResponseInterface`
`100`	`100`
`101`	`101`	`foreach ($response->getHeaders(false) as $name => $values) {`
`102`	`102`	`foreach ($values as $value) {`
`103`		`- $psrResponse = $psrResponse->withAddedHeader($name, $value);`
	`103`	`+ try {`
	`104`	`+ $psrResponse = $psrResponse->withAddedHeader($name, $value);`
	`105`	`+ } catch (\InvalidArgumentException $e) {`
	`106`	`+ // ignore invalid header`
	`107`	`+ }`
`104`	`108`	`}`
`105`	`109`	`}`
`106`	`110`