Skip to content

Commit 26fb006

Browse files
Merge branch '4.4' into 5.0
* 4.4: [HttpFoundation] Do not set the default Content-Type based on the Accept header [Security] Fix access_control behavior with unanimous decision strategy
2 parents 98b44bd + 62f9250 commit 26fb006

File tree

3 files changed

+18
-3
lines changed

3 files changed

+18
-3
lines changed

Request.php

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1561,7 +1561,9 @@ public function isNoCache()
15611561
* Gets the preferred format for the response by inspecting, in the following order:
15621562
* * the request format set using setRequestFormat
15631563
* * the values of the Accept HTTP header
1564-
* * the content type of the body of the request.
1564+
*
1565+
* Note that if you use this method, you should send the "Vary: Accept" header
1566+
* in the response to prevent any issues with intermediary HTTP caches.
15651567
*/
15661568
public function getPreferredFormat(?string $default = 'html'): ?string
15671569
{

Response.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -266,7 +266,7 @@ public function prepare(Request $request)
266266
} else {
267267
// Content-type based on the Request
268268
if (!$headers->has('Content-Type')) {
269-
$format = $request->getPreferredFormat(null);
269+
$format = $request->getRequestFormat(null);
270270
if (null !== $format && $mimeType = $request->getMimeType($format)) {
271271
$headers->set('Content-Type', $mimeType);
272272
}

Tests/ResponseTest.php

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -497,12 +497,25 @@ public function testPrepareDoesNothingIfRequestFormatIsNotDefined()
497497
$this->assertEquals('text/html; charset=UTF-8', $response->headers->get('content-type'));
498498
}
499499

500+
/**
501+
* Same URL cannot produce different Content-Type based on the value of the Accept header,
502+
* unless explicitly stated in the response object.
503+
*/
504+
public function testPrepareDoesNotSetContentTypeBasedOnRequestAcceptHeader()
505+
{
506+
$response = new Response('foo');
507+
$request = Request::create('/');
508+
$request->headers->set('Accept', 'application/json');
509+
$response->prepare($request);
510+
511+
$this->assertSame('text/html; charset=UTF-8', $response->headers->get('content-type'));
512+
}
513+
500514
public function testPrepareSetContentType()
501515
{
502516
$response = new Response('foo');
503517
$request = Request::create('/');
504518
$request->setRequestFormat('json');
505-
$request->headers->remove('accept');
506519

507520
$response->prepare($request);
508521

0 commit comments

Comments
 (0)