fix: emit full raw http responses

This commit is contained in:
Marek Miklewicz
2026-06-30 19:53:28 +02:00
parent d5894a1935
commit e2814fd81c
4 changed files with 88 additions and 23 deletions
+74 -21
View File
@@ -37,23 +37,26 @@ final class Http
public static function redirectNoStore(string $url): void
{
header('Cache-Control: no-store, private');
header('Pragma: no-cache');
header('Referrer-Policy: no-referrer');
header('X-Content-Type-Options: nosniff');
header('Location: ' . $url, true, 302);
self::sendResponse(302, [
'Cache-Control' => 'no-store, private',
'Pragma' => 'no-cache',
'Referrer-Policy' => 'no-referrer',
'X-Content-Type-Options' => 'nosniff',
'Location' => $url,
], '');
exit;
}
public static function browserRedirectNoStore(string $url): void
{
header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: no-store, private');
header('Pragma: no-cache');
header('Referrer-Policy: no-referrer');
header('X-Content-Type-Options: nosniff');
header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; base-uri 'none'; form-action 'none'");
echo self::redirectPageHtml($url);
self::sendResponse(200, [
'Content-Type' => 'text/html; charset=UTF-8',
'Cache-Control' => 'no-store, private',
'Pragma' => 'no-cache',
'Referrer-Policy' => 'no-referrer',
'X-Content-Type-Options' => 'nosniff',
'Content-Security-Policy' => "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; base-uri 'none'; form-action 'none'",
], self::redirectPageHtml($url));
exit;
}
@@ -78,16 +81,66 @@ final class Http
public static function errorPage(string $message, int $status): void
{
http_response_code($status);
header('Content-Type: text/html; charset=UTF-8');
header('Cache-Control: no-store, private');
header('Referrer-Policy: no-referrer');
$safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo '<!doctype html><html lang="pl"><head><meta charset="utf-8">';
echo '<meta name="viewport" content="width=device-width, initial-scale=1">';
echo '<title>Serwer poczty</title></head><body>';
echo '<h1>Serwer poczty</h1><p>' . $safe . '</p>';
echo '</body></html>';
$body = '<!doctype html><html lang="pl"><head><meta charset="utf-8">'
. '<meta name="viewport" content="width=device-width, initial-scale=1">'
. '<title>Serwer poczty</title></head><body>'
. '<h1>Serwer poczty</h1><p>' . $safe . '</p>'
. '</body></html>';
self::sendResponse($status, [
'Content-Type' => 'text/html; charset=UTF-8',
'Cache-Control' => 'no-store, private',
'Referrer-Policy' => 'no-referrer',
], $body);
exit;
}
/**
* @param array<string,string> $headers
*/
public static function rawHttpResponse(int $status, array $headers, string $body): string
{
$headers['Content-Length'] = (string)strlen($body);
$lines = ['HTTP/1.1 ' . $status . ' ' . self::reasonPhrase($status)];
foreach ($headers as $name => $value) {
$safeName = preg_replace('/[^A-Za-z0-9-]/', '', (string)$name) ?? '';
if ($safeName === '') {
continue;
}
$safeValue = str_replace(["\r", "\n"], '', (string)$value);
$lines[] = $safeName . ': ' . $safeValue;
}
return implode("\r\n", $lines) . "\r\n\r\n" . $body;
}
/**
* @param array<string,string> $headers
*/
private static function sendResponse(int $status, array $headers, string $body): void
{
if (PHP_SAPI === 'cli') {
echo self::rawHttpResponse($status, $headers, $body);
return;
}
http_response_code($status);
foreach ($headers as $name => $value) {
header($name . ': ' . $value);
}
header('Content-Length: ' . strlen($body));
echo $body;
}
private static function reasonPhrase(int $status): string
{
return match ($status) {
200 => 'OK',
302 => 'Found',
403 => 'Forbidden',
405 => 'Method Not Allowed',
500 => 'Internal Server Error',
502 => 'Bad Gateway',
default => 'OK',
};
}
}