From: Benjamin Franzke Date: Tue, 20 Dec 2016 06:26:42 +0000 (+0100) Subject: [BUGFIX] Fix non-302 redirects for PSR-7 response objects X-Git-Tag: TYPO3_8-7-0~371 X-Git-Url: http://git.typo3.org/Packages/TYPO3.CMS.git/commitdiff_plain/cce7d774d926027ed32148f3709a4cac211a2612?ds=sidebyside [BUGFIX] Fix non-302 redirects for PSR-7 response objects All redirect status codes (e.g. 201,301,303,307) are incorrectly sent as 302. We need to set the response code before setting the Location header, as a call to header('Location: ...'); sets the response code implicitly to 302 (unless it has already been set to 201 or 3xx) [1]. By settings the status code/header first, header('Location: ..') will not change the status code, if the PSR-7 response object contains a proper redirect status code. [1] http://php.net/manual/en/function.header.php The second special case is the "Location:" header. Not only does it send this header back to the browser, but it also returns a REDIRECT (302) status code to the browser unless the 201 or a 3xx status code has already been set. Change-Id: Ifa076e6393c6ed42d93959fe8c3a5b79cee145a4 Fixes: #79043 Releases: master, 7.6 Reviewed-on: https://review.typo3.org/51002 Tested-by: TYPO3com Reviewed-by: Andreas Fernandez Reviewed-by: Philipp Gampe Tested-by: Josef Glatz Reviewed-by: Marco Huber Tested-by: Marco Huber Reviewed-by: Joerg Boesche Reviewed-by: Susanne Moog Tested-by: Susanne Moog --- diff --git a/typo3/sysext/core/Classes/Core/Bootstrap.php b/typo3/sysext/core/Classes/Core/Bootstrap.php index 5228aacde6f3..c4a75de008c4 100644 --- a/typo3/sysext/core/Classes/Core/Bootstrap.php +++ b/typo3/sysext/core/Classes/Core/Bootstrap.php @@ -320,9 +320,6 @@ class Bootstrap { if ($this->response instanceof \Psr\Http\Message\ResponseInterface) { if (!headers_sent()) { - foreach ($this->response->getHeaders() as $name => $values) { - header($name . ': ' . implode(', ', $values)); - } // If the response code was not changed by legacy code (still is 200) // then allow the PSR-7 response object to explicitly set it. // Otherwise let legacy code take precedence. @@ -330,6 +327,10 @@ class Bootstrap if (http_response_code() === 200) { header('HTTP/' . $this->response->getProtocolVersion() . ' ' . $this->response->getStatusCode() . ' ' . $this->response->getReasonPhrase()); } + + foreach ($this->response->getHeaders() as $name => $values) { + header($name . ': ' . implode(', ', $values)); + } } echo $this->response->getBody()->__toString(); }