test(*): Add file_get_contents host header removal

crowdsecurity · Oct 16, 2024 · 6092c74 · 6092c74
1 parent 255ec6c
commit 6092c74
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/src/Client/RequestHandler/FileGetContents.php b/src/Client/RequestHandler/FileGetContents.php
@@ -128,6 +128,7 @@ private function createContextConfig(Request $request): array
         $headers = $request->getValidatedHeaders();
         /**
          * It's not recommended to set the Host header when using file_get_contents (with follow_location).
+         *
          * @see https://www.php.net/manual/en/context.http.php#context.http.header
          * As it was causing issues with PHP 7.2, we are removing it.
          * For AppSec requests, original host is sent in the X-Crowdsec-Appsec-Host header.

diff --git a/tests/Unit/FileGetContentsTest.php b/tests/Unit/FileGetContentsTest.php
@@ -172,6 +172,8 @@ public function testContextConfigForAppSec()
             'X-Crowdsec-Appsec-Method' => 'test-value',
             'X-Crowdsec-Appsec-Uri' => 'test-value',
             'X-Crowdsec-Appsec-Api-Key' => 'test-value',
+            'Host' => 'test-value-should-be-removed',
+            'Custom-Header' => 'test-value-should-be-kept',
         ];
         $rawBody = 'This is a raw body';
         $configs = $this->tlsConfigs;
@@ -198,6 +200,7 @@ public function testContextConfigForAppSec()
 X-Crowdsec-Appsec-Method: test-value
 X-Crowdsec-Appsec-Uri: test-value
 X-Crowdsec-Appsec-Api-Key: test-value
+Custom-Header: test-value-should-be-kept
 ',
                 'ignore_errors' => true,
                 'content' => 'This is a raw body',
@@ -236,6 +239,7 @@ public function testContextConfigForAppSec()
 X-Crowdsec-Appsec-Method: test-value
 X-Crowdsec-Appsec-Uri: test-value
 X-Crowdsec-Appsec-Api-Key: test-value
+Custom-Header: test-value-should-be-kept
 User-Agent: ' . TestConstants::USER_AGENT_SUFFIX . '
 ',
                 'ignore_errors' => true,