php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #46703 default headers blocks correct http responce
Submitted: 2008-11-27 23:47 UTC Modified: 2011-04-09 08:02 UTC
From: zent at piments dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 5.2.6 OS: linux
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: zent at piments dot com
New email:
PHP Version: OS:

 

 [2008-11-27 23:47 UTC] zent at piments dot com 
Description:
------------
if no call is made to header() , php inserts Content-Type: text/html

this may well be incorrect, as for example in creating image/png

HTTP spec allows sending content without a content-type header and allows the client to detect type from the data, in this case first four bytes are %PNG

However, this content sniffing is allowed "if and only if" there are no headers explicitly present.

Thus in adding a default text (or other inappropriate default) header php is preventing the client from correctly displaying the data.



Reproduce code:
---------------
<?php
$i=imagecreate(....);
imagepng($i);
imagedestroy($i);
?>

Expected result:
----------------
data served without content-type header and correctly interpreted by client sniffing content as defined in spec.

Actual result:
--------------
incorrect insertion of erroneous header forces image data to be displayed as text.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-08 20:50 UTC] jani@php.net
-Status: Open +Status: Bogus -Package: Feature/Change Request +Package: *General Issues
 [2011-04-08 20:50 UTC] jani@php.net 
Just set the correct header with header(). No bug here.
 [2011-04-09 07:52 UTC] zent at piments dot com 
using an extra step : using header() as you suggest is a workaround and does not make the bug "bogus". 

As I said in the bug report, not sending a header is legit according to the spec and would produce correct results but for this BUG inserting *incorrect* headers without being asked. 

Sorry that's a bug. Your suggested solution is a workaround for that bug.
 [2011-04-09 08:02 UTC] zent at piments dot com 
I find it hard to understand how you can maintain that unconditionally adding incorrect headers to legitimate output is not a bug. If the spec required headers there *may* be some case to argue for adding a default, but that is not the case. 

Please reopen or fix this bug.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jul 20 21:00:02 2025 UTC