includes/HeaderCallback.php

   1 <?php
   2
   3 namespace MediaWiki;
   4
   5 class HeaderCallback {
   6         private static $headersSentException;
   7         private static $messageSent = false;
   8
   9         /**
  10          * Register a callback to be called when headers are sent. There can only
  11          * be one of these handlers active, so all relevant actions have to be in
  12          * here.
  13          */
  14         public static function register() {
  15                 header_register_callback( [ __CLASS__, 'callback' ] );
  16         }
  17
  18         /**
  19          * The callback, which is called by the transport
  20          */
  21         public static function callback() {
  22                 // Prevent caching of responses with cookies (T127993)
  23                 $headers = [];
  24                 foreach ( headers_list() as $header ) {
  25                         $header = explode( ':', $header, 2 );
  26
  27                         // Note: The code below (currently) does not care about value-less headers
  28                         if ( isset( $header[1] ) ) {
  29                                 $headers[ strtolower( trim( $header[0] ) ) ][] = trim( $header[1] );
  30                         }
  31                 }
  32
  33                 if ( isset( $headers['set-cookie'] ) ) {
  34                         $cacheControl = isset( $headers['cache-control'] )
  35                                 ? implode( ', ', $headers['cache-control'] )
  36                                 : '';
  37
  38                         if ( !preg_match( '/(?:^|,)\s*(?:private|no-cache|no-store)\s*(?:$|,)/i',
  39                                 $cacheControl )
  40                         ) {
  41                                 header( 'Expires: Thu, 01 Jan 1970 00:00:00 GMT' );
  42                                 header( 'Cache-Control: private, max-age=0, s-maxage=0' );
  43                                 \MediaWiki\Logger\LoggerFactory::getInstance( 'cache-cookies' )->warning(
  44                                         'Cookies set on {url} with Cache-Control "{cache-control}"', [
  45                                                 'url' => \WebRequest::getGlobalRequestURL(),
  46                                                 'cookies' => $headers['set-cookie'],
  47                                                 'cache-control' => $cacheControl ?: '<not set>',
  48                                         ]
  49                                 );
  50                         }
  51                 }
  52
  53                 // Save a backtrace for logging in case it turns out that headers were sent prematurely
  54                 self::$headersSentException = new \Exception( 'Headers already sent from this point' );
  55         }
  56
  57         /**
  58          * Log a warning message if headers have already been sent. This can be
  59          * called before flushing the output.
  60          */
  61         public static function warnIfHeadersSent() {
  62                 if ( headers_sent() && !self::$messageSent ) {
  63                         self::$messageSent = true;
  64                         \MWDebug::warning( 'Headers already sent, should send headers earlier than ' .
  65                                 wfGetCaller( 3 ) );
  66                         $logger = \MediaWiki\Logger\LoggerFactory::getInstance( 'headers-sent' );
  67                         $logger->error( 'Warning: headers were already sent from the location below', [
  68                                 'exception' => self::$headersSentException,
  69                                 'detection-trace' => new \Exception( 'Detected here' ),
  70                         ] );
  71                 }
  72         }
  73 }