Bug #76204 Remove the partial support for the CONNECT method
Submitted: 2018-04-10 15:59 UTC Modified: 2019-06-13 10:12 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: sid dot pasquale at gmail dot com
Assigned: selim61
Status: Assigned
Package: Built-in web server
PHP Version: 7.0.29
OS: linux
Private report: No
CVE-ID: None
 [2018-04-10 15:59 UTC] sid dot pasquale at gmail dot com
Description:
------------
PHP HTTP built-in server doesn't support CONNECT HTTP method

Test script:
---------------
Starting built-in server:
sid@zen:~$ php -S 127.0.0.1:8080

Test with some working HTTP methods:
sid@zen:~$ echo -en "GET / HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1
HTTP/1.1 404 Not Found

sid@zen:~$ echo -en "FOO / HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1
HTTP/1.1 501 Not Implemented

Not working:
sid@zen:~$ echo -en "CONNECT www.example.com:443 HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1

Actual result:
--------------
[Tue Apr 10 17:51:27 2018] 127.0.0.1:44676 Invalid request (Malformed HTTP request)

 [2018-04-10 16:05 UTC] requinix@php.net
-Status: Open
+Status: Duplicate
 [2018-04-10 16:05 UTC] requinix@php.net
CONNECT is not supported because the built-in server is a simple server for simple development uses.
See request #72619.
 [2018-04-10 16:14 UTC] sid dot pasquale at gmail dot com
So the expected result should be "501 Not Implemented".

Furthermore "CONNECT" (like PATCH) seems to be implemented:
https://github.com/php/php-src/search?utf8=%E2%9C%93&q=PHP_HTTP_CONNECT&type=

Working "PATCH" example:
sid@zen:~$ echo -en "PATCH / HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1
HTTP/1.1 404 Not Found
 [2018-04-10 16:26 UTC] sid dot pasquale at gmail dot com
"CONNECT" was defined on line 85 of "php_http_parser.c": https://github.com/php/php-src/blob/PHP-7.0.13/sapi/cli/php_http_parser.c#L85
 [2018-04-10 16:31 UTC] requinix@php.net
-Summary: CONNECT method doesn't work
+Summary: Remove the partial support for the CONNECT method
-Status: Duplicate
+Status: Open
 [2018-04-10 16:31 UTC] requinix@php.net
Why...

Yes, it's in there, but it's not actually supported. My guess is that the person who included CONNECT thought it was like every other verb. It isn't.

A proper implementation of tunneling is beyond the scope of the built-in server. The partial support in there should be removed.
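
Added example (not php-src code and not posted by anyone in this thread): a request-line check showing why CONNECT differs from the other verbs, since its request-target is `host:port` (authority-form, RFC 7230 section 5.3) rather than a path, and how a server without tunneling can answer 501 as the reporter expected. The `HANDLED` set and the function names are assumptions made for the illustration.

```python
import re

# Request-target forms follow RFC 7230 section 5.3.
AUTHORITY = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+):(\d{1,5})$")
REQUEST_LINE = re.compile(r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+) (\S+) HTTP/(\d)\.(\d)$")
HANDLED = {"GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"}  # assumed set


def target_form(target):
    """Classify a request-target: origin, absolute, authority or asterisk."""
    if target == "*":
        return "asterisk"
    if target.startswith("/"):
        return "origin"
    if "://" in target:
        return "absolute"
    m = AUTHORITY.match(target)
    if m and 0 < int(m.group(2)) <= 65535:
        return "authority"
    return None  # none of the four forms


def status_for(request_line):
    """Return an error status, or None to pass the request on to routing."""
    m = REQUEST_LINE.match(request_line.rstrip("\r\n"))
    if not m:
        return 400
    method, target = m.group(1), m.group(2)
    form = target_form(target)
    if form is None:
        return 400
    if method == "CONNECT":
        # Well-formed CONNECT, but tunneling is out of scope: say so with 501.
        return 501 if form == "authority" else 400
    if form == "authority":
        return 400  # host:port is only a valid target for CONNECT
    if form == "asterisk" and method != "OPTIONS":
        return 400
    if method not in HANDLED:
        return 501
    return None


if __name__ == "__main__":
    # Constructed request lines modelled on the ones in the report.
    for line in ("GET / HTTP/1.1", "FOO / HTTP/1.1",
                 "CONNECT www.example.com:443 HTTP/1.1", "CONNECT / HTTP/1.1"):
        print(line, "->", status_for(line))
```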
 [2018-04-18 22:21 UTC] cmb@php.net
-Status: Open
+Status: Analyzed
 [2019-06-13 10:12 UTC] selim61@php.net
-Status: Analyzed
+Status: Assigned
-Assigned To:
+Assigned To: selim61