php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #46703 default headers blocks correct http responce
Submitted: 2008-11-27 23:47 UTC Modified: 2011-04-09 08:02 UTC
From: zent at piments dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 5.2.6 OS: linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: zent at piments dot com
New email:
PHP Version: OS:

 

 [2008-11-27 23:47 UTC] zent at piments dot com 
Description:
------------
if no call is made to header() , php inserts Content-Type: text/html

this may well be incorrect, as for example in creating image/png

HTTP spec allows sending content without a content-type header and allows the client to detect type from the data, in this case first four bytes are %PNG

However, this content sniffing is allowed "if and only if" there are no headers explicitly present.

Thus in adding a default text (or other inappropriate default) header php is preventing the client from correctly displaying the data.



Reproduce code:
---------------
<?php
$i=imagecreate(....);
imagepng($i);
imagedestroy($i);
?>

Expected result:
----------------
data served without content-type header and correctly interpreted by client sniffing content as defined in spec.

Actual result:
--------------
incorrect insertion of erroneous header forces image data to be displayed as text.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-04-08 20:50 UTC] jani@php.net
-Status: Open +Status: Bogus -Package: Feature/Change Request +Package: *General Issues
 [2011-04-08 20:50 UTC] jani@php.net 
Just set the correct header with header(). No bug here.
 [2011-04-09 07:52 UTC] zent at piments dot com 
using an extra step : using header() as you suggest is a workaround and does not make the bug "bogus". 

As I said in the bug report, not sending a header is legit according to the spec and would produce correct results but for this BUG inserting *incorrect* headers without being asked. 

Sorry that's a bug. Your suggested solution is a workaround for that bug.
 [2011-04-09 08:02 UTC] zent at piments dot com 
I find it hard to understand how you can maintain that unconditionally adding incorrect headers to legitimate output is not a bug. If the spec required headers there *may* be some case to argue for adding a default, but that is not the case. 

Please reopen or fix this bug.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun Jul 20 21:00:02 2025 UTC