From 8981ed868007959576fcb16fc5e26e299019d53d Mon Sep 17 00:00:00 2001
From: Ivanka Todorova
Date: Thu, 15 Jun 2023 13:07:04 +0300
Subject: [PATCH] feat: pass only a specified headers to proxy request
---
 src/Proxy.php | 23 ++++++++++++++++++++---
 tests/Unit/ProxyTest.php | 12 ++++++------
 2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/Proxy.php b/src/Proxy.php
index f677f14..8a1dbff 100644
--- a/src/Proxy.php
+++ b/src/Proxy.php
@@ -28,6 +28,7 @@ class Proxy
 */
 public function __construct(
 private readonly array $allowedHosts,
+ private readonly array $allowedHeaders = ['Content-Type', 'Accept'],
 private ?Request $request = null,
 private ?Response $response = null,
 private ?Client $client = null
@@ -66,9 +67,7 @@ private function redirect(): Proxy
 array_merge([
 // response to proxy through 404, 500, etc
 'http_errors' => false,
- // "redirect" all headers
- 'headers' => $this->request->headers->all(),
- ], $this->buildParameters())
+ ], $this->buildParameters(), $this->buildHeaders())
 );
 // pass response headers from proxy request to our response
@@ -126,4 +125,22 @@ private function buildParameters(): array
 'form_params' => $this->request->getPayload()->all()
 ];
 }
+
+ /**
+ * Builds headers from incoming request, filtering out everything, but $allowedHeaders.
+ * @return array
+ */
+ private function buildHeaders(): array
+ {
+ $lowercaseAllowedHeaders = array_map(fn(string $value) => strtolower($value), $this->allowedHeaders);
+
+ $headers = array_filter(
+ $this->request->headers->all(),
+ fn(string $key) => in_array($key, $lowercaseAllowedHeaders),
+ ARRAY_FILTER_USE_KEY
+ );
+
+ return compact('headers');
+ }
+
+ }
\ No newline at end of file
diff --git a/tests/Unit/ProxyTest.php b/tests/Unit/ProxyTest.php
index 2c910cd..4a3b62b 100644
--- a/tests/Unit/ProxyTest.php
+++ b/tests/Unit/ProxyTest.php
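Review bot: In the `@@ -28,6 +28,7 @@` hunk of src/Proxy.php, `$allowedHeaders` is inserted as the second positional parameter, ahead of `$request`, so every existing positional call of the form `new Proxy($hosts, $request, …)` stops working; the test edits in this same patch show that call shape having to be rewritten. Appending the parameter after `$client`, or stating the break explicitly in the release notes, would spare downstream callers. The constructor docblock sits above the hunk and is not touched by this patch, so the new parameter is undocumented; I would add `@param list<string> $allowedHeaders Request header names forwarded upstream, matched case-insensitively` and a sentence noting that every listed header is sent to every allowed host, so `Cookie` or `Authorization` belong in the list only when all of those hosts are trusted with them.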
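Review bot: `Content-Type` is in the default allow-list, yet on the path where `buildParameters()` returns `form_params` (its tail is visible as context in the last hunk) the body is re-encoded, so the options merged in the `@@ -66,9 +67,7 @@` hunk can pair the caller's original `Content-Type` with a url-encoded body. If `Client` is Guzzle, it supplies the form content type only when no `Content-Type` header is already set (worth confirming), so a JSON request would reach the upstream mislabelled; dropping `Content-Type` from the forwarded set whenever the body is rebuilt would avoid that. Separately, the context comment `// pass response headers from proxy request to our response` suggests the response direction is still copied through unfiltered (that code is outside the hunk), so an upstream `Set-Cookie` would presumably still be relayed to the client; a matching allow-list there would cover the other direction. `redirect()` starts and ends outside the hunk.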
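Review bot: The allow-list check in `buildHeaders()` (hunk `@@ -126,4 +125,22 @@`) calls `in_array()` without the strict flag, so header names are compared with `==` and two numeric-looking strings can match by value rather than byte-for-byte; for a security filter I would write `fn(string $key) => in_array($key, $lowercaseAllowedHeaders, true),`. The filter also relies on `$this->request->headers->all()` returning lower-cased keys, which holds if `Request` is Symfony's and deserves a one-line comment such as `// HeaderBag keys are already lower-case, so only the allow-list needs normalising`. As a matter of style, `return ['headers' => $headers];` reads more directly than `compact('headers')`, and `@return array{headers: array<string, list<string|null>>}` would say more than the bare `@return array`.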
@@ -13,7 +13,7 @@
 it('throws exception if disallowed host is passed', function () {
 $request = new Request(['url' => 'https://google.com']);
- (new Proxy(['https://definitely-not-google.com'], $request))
+ (new Proxy(['https://definitely-not-google.com'], ['Content-Type', 'Accept'], $request))
 ->handle();
 })->throws(HostNotAllowedException::class);
@@ -25,7 +25,7 @@
 $request = new Request(['url' => 'https://google.com']);
 $response = new HttpFoundationResponse();
- (new Proxy(['google.com'], $request, $response, $client))
+ (new Proxy(['google.com'], ['X-Foo'], $request, $response, $client))
 ->handle();
 expect($response->headers->get('X-Foo'))->toBe('Bar');
@@ -47,7 +47,7 @@
 $request = new Request(['url' => 'https://google.com'], [], [], [], [], ['HTTP_X-Foo' => 'Bar']);
 $response = new HttpFoundationResponse();
- (new Proxy(['google.com'], $request, $response, $client))
+ (new Proxy(['google.com'], ['X-Foo'], $request, $response, $client))
 ->handle();
 expect(count($container))->toBe(1)
@@ -71,7 +71,7 @@
 $request = new Request(['url' => 'https://google.com', 'param1' => 'value1', 'param2' => 'value2']);
 $response = new HttpFoundationResponse();
- (new Proxy(['google.com'], $request, $response, $client))
+ (new Proxy(['google.com'], [], $request, $response, $client))
 ->handle();
@@ -97,7 +97,7 @@
 $response = new HttpFoundationResponse();
- (new Proxy(['google.com'], $request, $response, $client))
+ (new Proxy(['google.com'], [], $request, $response, $client))
 ->handle();
@@ -123,7 +123,7 @@
 $response = new HttpFoundationResponse();
- (new Proxy(['google.com'], $request, $response, $client))
+ (new Proxy(['google.com'], [], $request, $response, $client))
 ->handle();
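Review bot: None of the updated tests exercises the new filter in the negative direction: every hunk in tests/Unit/ProxyTest.php only threads an allow-list through the constructor, and the `@@ -47,7 +47,7 @@` case allows exactly the one header it sends. A case that sends a header outside the list (for example `Cookie` next to `X-Foo`) and asserts it is absent from the recorded upstream request, plus one where the configured name differs in case from the incoming one, would pin down the behaviour this commit introduces. In the `@@ -25,7 +25,7 @@` hunk the assertion concerns a response header, which this patch does not filter, so passing `['X-Foo']` there implies a coupling that does not exist; `[]` would be clearer.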