php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #61417 header() does not necessarily send a raw HTTP header
Submitted: 2012-03-16 16:55 UTC Modified: 2015-04-13 16:28 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: chealer at gmail dot com Assigned:
Status: Open Package: *Network Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: chealer at gmail dot com
New email:
PHP Version: OS:

 

 [2012-03-16 16:55 UTC] chealer at gmail dot com
Description:
------------
http://ca2.php.net/manual/en/function.header.php contains:

header — Send a raw HTTP header

header() is used to send a raw HTTP header. See the » HTTP/1.1 specification for more information on HTTP headers.


However, sending raw HTTP headers is only one of header()'s functions. Other important functions include sending a Status-Line and setting CGI fields.

In fact, the documentation page itself shows such examples:


There are two special-case header calls. The first is a header that starts with the string "HTTP/" (case is not significant), which will be used to figure out the HTTP status code to send. For example, if you have configured Apache to use a PHP script to handle requests for missing files (using the ErrorDocument directive), you may want to make sure that your script generates the proper status code.

<?php
header("HTTP/1.0 404 Not Found");
?>

For FastCGI you must use the following for a 404 response:
<?php
header("Status: 404 Not Found");
?>

The second special case is the "Location:" header. Not only does it send this header back to the browser, but it also returns a REDIRECT (302) status code to the browser unless the 201 or a 3xx status code has already been set.

<?php
header("Location: http://www.example.com/"); /* Redirect browser */

/* Make sure that code below does not get executed when we redirect. */
exit;
?>


CGI fields are documented in http://tools.ietf.org/html/rfc3875#section-6.3
Status is *not* an HTTP header - running
header("Status: 404 Not Found");
when not in CGI mode will send a raw "Status" HTTP header, which is undefined.


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-04-13 16:28 UTC] cmb@php.net
-Type: Bug +Type: Documentation Problem -Package: Documentation problem +Package: *Network Functions
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Jun 20 19:01:26 2019 UTC