Hi everybody, If I look into the *Response *object, in *sendHeaders* method, I feel it is something missing.
Let me know your opinion : The php *header *function has 3 parameters, I very rarely see somebody use more than one parameter (cf. doc http://www.php.net/manual/en/function.header.php) header ( string $string [, bool $replace = true [, int $http_response_code ]] ) The second parameter can be usefull to replace a header already set. Imagine you want to use the Symfony Response object in an old web site where *session_start()* is always executed (because it is too hard for you to write horrible code, even into an horrible coded site) ... For example you want to generate an image ... if you don't use the *replace*parameter in *header* calls, you cannot have good cache headers for a good browser caching ... that's bad, this stupid session_start is making all the stuff for cookies and you have *pragma: no-cache* and so on into headers. In some case like that, it would be nice to have a *Response *parameter which allow you to tells the *Response *object to replace all headers. I would change Response object with this code : protected $replaceHeaders = false; public function getReplaceHeaders() { return $this->replaceHeaders; } public function setReplaceHeaders($replace) { $this->replaceHeaders = $replace == true; } public function sendHeaders() { // headers have already been sent by the developer if ( headers_sent() ) { return; } if ( $this->replaceHeaders ) { header('Pragma:', true); // try to remove the no-cache pragma sent by session cookie } $this->prepare(); // status header(sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText), $this->replaceHeaders); // headers foreach ( $this->headers->all() as $name => $values ) { foreach ( $values as $value ) { header($name . ': ' . $value*, $this->replaceHeaders*); } } // cookies foreach ( $this->headers->getCookies() as $cookie ) { setcookie($cookie->getName(), $cookie->getValue(), $cookie->getExpiresTime(), $cookie->getPath(), $cookie->getDomain(), $cookie->isSecure(), $cookie->isHttpOnly()); } } -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
