php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #23488 zlib output compression clobbers user-supplied Vary: header
Submitted: 2003-05-05 04:44 UTC Modified: 2003-09-10 04:56 UTC
From: m at mlcastle dot net Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 4.3.1 OS: GNU/Linux 2.2.25
Private report: No CVE-ID:
 [2003-05-05 04:44 UTC] m at mlcastle dot net
If zlib.output_compression is on, then it (sensibly) sends a
Vary: Accept-Encoding
header to the browser. However, if the user's script has sent its own Vary: header, then that header will get clobbered by zlib's. Better solutions would be to either:
 * let the user's header take preference, and caution the user to include Accept-Encoding in the custom one, or
 * magically combine the user's header and the zlib one.

Refernece: RFC 2616 (HTTP/1.1 Spec), Section 14.44

Sample script:

<?php
   ini_set('zlib.output_compression', 'on');

   // do something with $_SERVER['HTTP_ACCEPT_LANGUAGE']
   header('Vary: Accept-Language');

   // output something
?>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-02 11:08 UTC] moriyoshi@php.net
Same as bug #24827
 [2003-08-02 11:11 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 [2003-09-10 04:56 UTC] sr@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/.

Sorry, the first fix was only for ob_gzhandler, but now it should be fixed for zlib.output_compression, too.
 [2012-12-09 18:09 UTC] mtanalin at yandex dot ru
It seems we still (again?) have this in PHP 5.3 and 5.4. Tested with latest 5.3.19 and 5.4.9.

Testcase:

	<?php
	header('Vary: X-Requested-With');
	ob_start('ob_gzhandler');

	echo 'Hello world.';
	// As a result, we have wrong `Vary: Accept-Encoding`,
	// though we should have `Vary: X-Requested-With,Accept-Encoding`.

For example, when using Ajax, it's quite typical and handy for Ajax and non-Ajax responses to have exactly same URL and differ in just `X-Requested-With` request-header.

To make it possible for user agents to cache such responses separately (IE9 at least uses common cache for Ajax and non-Ajax responses by default), `Vary: X-Requested-With` header should be set, but it's then wrongly _overrided_ (instead of being appended) with `Vary: Accept-Encoding` header set by `ob_start('ob_gzhandler')`.

Currently, we are forced to add headers with `Header add` of Apache web-server instead of PHP itself to workaround this bug of PHP.

Thanks.
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 17 21:01:56 2014 UTC