PHP :: Bug #76204 :: Remove the partial support for the CONNECT method

Bug #76204

Remove the partial support for the CONNECT method

Submitted:

2018-04-10 15:59 UTC

Modified:

2019-06-13 10:12 UTC

Votes:	1
Avg. Score:	3.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	1 (100.0%)

From:

sid dot pasquale at gmail dot com

Assigned:

selim61 (profile)

Status:

Assigned

Package:

Built-in web server

PHP Version:

7.0.29

OS:

linux

Private report:

CVE-ID:

None

View Developer Edit

[2018-04-10 15:59 UTC] sid dot pasquale at gmail dot com

Description:
------------
PHP HTTP built-in server doesn't support CONNECT HTTP method

Test script:
---------------
Starting built-in server:
sid@zen:~$ php -S 127.0.0.1:8080

Test with some working HTTP methods:
sid@zen:~$ echo -en "GET / HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1
HTTP/1.1 404 Not Found

sid@zen:~$ echo -en "FOO / HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1
HTTP/1.1 501 Not Implemented

Not working:
sid@zen:~$ echo -en "CONNECT www.example.com:443 HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1

Actual result:
--------------
[Tue Apr 10 17:51:27 2018] 127.0.0.1:44676 Invalid request (Malformed HTTP request)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-04-10 16:05 UTC] requinix@php.net

-Status: Open +Status: Duplicate

[2018-04-10 16:05 UTC] requinix@php.net

CONNECT is not supported because the built-in server is a simple server for simple development uses.
See request #72619.

[2018-04-10 16:14 UTC] sid dot pasquale at gmail dot com

So the expected result should be "501 Not Implemented".

Furthermore "CONNECT" (like PATCH) seems to be implemented:
https://github.com/php/php-src/search?utf8=%E2%9C%93&q=PHP_HTTP_CONNECT&type=

Working "PATCH" example:
sid@zen:~$ echo -en "PATCH / HTTP/1.1\r\n\r\n" | nc localhost 8080 | head -n 1
HTTP/1.1 404 Not Found

[2018-04-10 16:26 UTC] sid dot pasquale at gmail dot com

"CONNECT" was defined on line 85 of "php_http_parser.c": https://github.com/php/php-src/blob/PHP-7.0.13/sapi/cli/php_http_parser.c#L85

[2018-04-10 16:31 UTC] requinix@php.net

-Summary: CONNECT method doesn't work +Summary: Remove the partial support for the CONNECT method -Status: Duplicate +Status: Open

[2018-04-10 16:31 UTC] requinix@php.net

Why...

Yes, it's in there, but it's not actually supported. My guess is that the person who included CONNECT thought it was like every other verb. It isn't.

A proper implementation of tunneling is beyond the scope of the built-in server. The partial support in there should be removed.

[2018-04-18 18:27 UTC] cmb@php.net

FTR: <https://github.com/php/php-src/pull/3220>

[2018-04-18 22:21 UTC] cmb@php.net

-Status: Open +Status: Analyzed

[2019-06-13 10:12 UTC] selim61@php.net

-Status: Analyzed +Status: Assigned -Assigned To: +Assigned To: selim61

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 14:01:29 2024 UTC