[3.x/4.x]: craft\web\Request::accepts() doesn't deal with wildcards #13759

Closed
msbit opened this issue Sep 29, 2023 · 3 comments

msbit commented Sep 29, 2023

What happened?

When submitting a request with the header:

```
Accept: */*
```

craft\web\Request::accepts('application/json') will return false as it's explicitly checking for the existence of application/json.

From my understanding of the header, it should return true, as it should for application/* (and */*, trivially 😀).

This is the case both on Craft 3 and Craft 4.

Reproduction:

```php
$request = new \craft\web\Request();
$request->setAcceptableContentTypes($request->parseAcceptHeader('*/*'));
var_dump($request->accepts('application/json'));
var_dump($request->accepts('application/*'));
var_dump($request->accepts('*/*'));
```

outputs:

```
bool(false)
bool(false)
bool(true)
```

Craft CMS version

3.8.9

brandonkelly (Member) commented

This is resolved for the next Craft 4 release, via #13802.

Supporting */* seems a little dangerous, as we currently check accepts('application/json') when determining whether we should send JSON responses back, and I’m worried we’d start getting some false positives with */*.

msbit commented Oct 9, 2023

@brandonkelly yep, that check (Request::getAcceptsJson) is what brought me to this issue.

> I’m worried we’d start getting some false positives with */*

Unfortunately I'd say that's likely, though it depends on how "false" you'd rate those positives; if a user agent specifically says they will Accept anything (*/*) I'd say it's on them.

Perhaps the call-sites need work then, or a change in the stated intent (getAcceptsJson -> getAcceptsStrictlyJson ?) along with getAcceptsImage (to getAcceptsAnyImage ?).

brandonkelly (Member) commented

Craft 4.5.7 is out with that change.

> Perhaps the call-sites need work then, or a change in the stated intent (getAcceptsJson -> getAcceptsStrictlyJson ?) along with getAcceptsImage (to getAcceptsAny Image ?).

Maybe that would be more semantic, but would be a pretty big breaking change too, and getAcceptsJson() was originally added as a more semantic/reliable replacement for getIsAjax() (which relies on a nonstandard X-Requested-With: XMLHttpRequest header).

I’d be more inclined to add a new getAcceptsAny() method you could call in addition to getAcceptsJson() etc. Feel free to post a new discussion for that, if you feel there’s a need for it.
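
The trade-off discussed in this thread, as an added example that is not Craft's code and not from any participant: a stand-alone Accept matcher showing how counting `*/*` changes the answer for `application/json`. The function names and the `$allowAny` flag are assumptions, and the example goes beyond the thread by also honouring `q` values.

```php
<?php
// Added example: stand-alone helpers, not Craft's or Yii's code.
// Parse an Accept header into [media range => q]; parameters other than q are ignored.
function parseAccept(string $header): array
{
    $ranges = [];
    foreach (explode(',', $header) as $part) {
        $params = array_map('trim', explode(';', $part));
        $range = strtolower(array_shift($params));
        if ($range === '') {
            continue;
        }
        $q = 1.0;
        foreach ($params as $param) {
            if (stripos($param, 'q=') === 0) {
                $q = (float) substr($param, 2);
            }
        }
        $ranges[$range] = $q;
    }
    return $ranges;
}

// True if $header accepts $type. The most specific range present decides:
// exact type, then "type/*", then "*/*" (only when $allowAny is true).
function accepts(string $header, string $type, bool $allowAny): bool
{
    $ranges = parseAccept($header);
    $type = strtolower($type);
    $candidates = [$type, explode('/', $type)[0] . '/*'];
    if ($allowAny) {
        $candidates[] = '*/*';
    }
    foreach ($candidates as $candidate) {
        if (isset($ranges[$candidate])) {
            return $ranges[$candidate] > 0; // q=0 marks the range as not acceptable
        }
    }
    return false;
}

// Constructed samples: bare wildcard, browser-style navigation, explicit JSON, JSON refused.
$samples = ['*/*', 'text/html,application/xhtml+xml,*/*;q=0.8',
    'application/json', 'application/*;q=0.5, application/json;q=0'];
foreach ($samples as $h) {
    printf("%-45s withoutAny=%s withAny=%s\n", $h,
        var_export(accepts($h, 'application/json', false), true),
        var_export(accepts($h, 'application/json', true), true));
}
```

The first two samples are where the two modes disagree: a call site that switches to JSON output based on this check changes behaviour for those requests once `*/*` is counted.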
