Make sure Transfer-Encoding is not set, regardless of case

Svish · Svish · commit 7bd010abedac · 2017-02-06T12:15:01.000+01:00
diff --git a/proxy.php b/proxy.php
@@ -1,12 +1,19 @@
 <?php
 
+/**
+ * @param whitelist
+ * @param curl_opts
+ * @param zlib
+ */
+
 // Get stuff
 $headers = getallheaders();
 $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
 $url = $headers['X-Proxy-Url'] ?? null;
 $cookie = $headers['X-Proxy-Cookie'] ?? null;
 
 
+
 // Check that we have a URL
 if( ! $url)
 	failure(400, "X-Proxy-Url header missing");
@@ -34,7 +41,6 @@
 	$value = ucwords($key, '-').": $value";
 
 
-
 // Init curl
 $curl = curl_init();
 $maxredirs = $opts[CURLOPT_MAXREDIRS] ?? 20;
@@ -78,7 +84,6 @@
 	$out = ob_get_clean();
 
 	// Light error handling
-	// http://php.net/manual/en/curl.constants.php#117723
 	if(curl_errno($curl))
 	switch(curl_errno($curl))
 	{
@@ -95,7 +100,7 @@
 			failure(503, $curl);
 	}
 
-	// HACK: If for any reason redirection doesn't work, do it manually...
+	// HACK: Workaround if not following, which happened once...
 	$url = curl_getinfo($curl, CURLINFO_REDIRECT_URL);
 }
 while($url and --$maxredirs > 0);
@@ -116,16 +121,18 @@
 
 // Get content and headers
 $content = substr($out, $info['header_size']);
-$header = substr($out, 0, $info['header_size']);
+$headers = substr($out, 0, $info['header_size']);
 
 // Rename Set-Cookie header
-$header = preg_replace('/^Set-Cookie:/im', 'X-Proxy-Set-Cookie:', $header);
+$headers = preg_replace('/^Set-Cookie:/im', 'X-Proxy-Set-Cookie:', $headers);
 
 // Output headers
-array_map('header', explode("\r\n", $header));
+foreach(explode("\r\n", $headers) as $h)
+	// HACK: Prevent chunked encoding issues (Issue #1)
+	if( ! preg_match('/^Transfer-Encoding:/i', $h))
+		header($h, false);
 
-// HACK: Prevent chunked encoding and gz issues (Issue #1)
-header_remove('Transfer-Encoding');
+// HACK: Prevent gzip issue (Issue #1)
 header('Content-Length: '.strlen($content), true);
 
 // Output content
diff --git a/test/echo.php b/test/echo.php
@@ -10,10 +10,12 @@
 
 header_remove();
 ini_set('zlib.output_compression', 'On');
-header('Content-Type: application/json; charset=utf-8');
+
 header('X-Test-Header: This header should come back through');
-setcookie('Test-Cookie', uniqid());
 session_name('Test-Session');
 session_start();
+setcookie('Test-Cookie-A', uniqid());
+setcookie('Test-Cookie-B', uniqid(), strtotime( '+1 days' ));
 
+header('Content-Type: application/json; charset=utf-8');
 echo json_encode(array_filter($info), JSON_PRETTY_PRINT | JSON_NUMERIC_CHECK | JSON_FORCE_OBJECT);
