VerifyHostHeader implements MiddlewareInterface

Checks if the provided host header value matches the trusted hosts pattern.

Internal

Table of Contents

Interfaces

MiddlewareInterface

Constants

ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL  = '.*'
ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME  = 'SERVER_NAME'

Properties

$trustedHostsPattern  : string

Methods

__construct()  : mixed
isAllowedHostHeaderValue()  : bool
Checks if the provided host header value matches the trusted hosts pattern.
process()  : ResponseInterface
hostHeaderValueMatchesTrustedHostsPattern()  : bool
Checks if the provided host header value matches the trusted hosts pattern without any preprocessing.
webserverUsesHttps()  : bool
Determine if the webserver uses HTTPS.

Constants

ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL

public mixed ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL = '.*'

ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME

public mixed ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME = 'SERVER_NAME'

Properties

$trustedHostsPattern

protected string $trustedHostsPattern

Methods

__construct()

public __construct(string $trustedHostsPattern) : mixed
Parameters
$trustedHostsPattern : string

isAllowedHostHeaderValue()

Checks if the provided host header value matches the trusted hosts pattern.

public isAllowedHostHeaderValue(string $hostHeaderValue, array<string|int, mixed> $serverParams) : bool
Parameters
$hostHeaderValue : string

HTTP_HOST header value as sent during the request (may include port)

$serverParams : array<string|int, mixed>
Return values
bool

process()

public process(ServerRequestInterface $request, RequestHandlerInterface $handler) : ResponseInterface
Parameters
$request : ServerRequestInterface
$handler : RequestHandlerInterface
Return values
ResponseInterface

hostHeaderValueMatchesTrustedHostsPattern()

Checks if the provided host header value matches the trusted hosts pattern without any preprocessing.

protected hostHeaderValueMatchesTrustedHostsPattern(string $hostHeaderValue, array<string|int, mixed> $serverParams) : bool
Parameters
$hostHeaderValue : string
$serverParams : array<string|int, mixed>
Return values
bool

webserverUsesHttps()

Determine if the webserver uses HTTPS.

protected webserverUsesHttps(array<string|int, mixed> $serverParams) : bool

HEADS UP: This does not check if the client performed a HTTPS request, as possible proxies are not taken into account. It provides raw information about the current webservers configuration only.

Parameters
$serverParams : array<string|int, mixed>
Return values
bool 

        

        
    




    

    

                            

            

                            
    

        On this page

        
    


            

                    

        

    

        

            
Search results