From 959a2e58296e4cab76bb1b77542ea9a2a33c92ab Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Fri, 13 Oct 2023 17:31:58 +0200 Subject: [PATCH] Add VaryAcceptLanguage middleware (#5687) * Add VaryAcceptLanguage middleware * Fix typos --------- Co-authored-by: Alexander Ebert --- .../middleware/VaryAcceptLanguage.class.php | 57 +++++++++++++++++++ .../system/request/RequestHandler.class.php | 3 + 2 files changed, 60 insertions(+) create mode 100644 wcfsetup/install/files/lib/http/middleware/VaryAcceptLanguage.class.php diff --git a/wcfsetup/install/files/lib/http/middleware/VaryAcceptLanguage.class.php b/wcfsetup/install/files/lib/http/middleware/VaryAcceptLanguage.class.php new file mode 100644 index 0000000000..3b0b3f012d --- /dev/null +++ b/wcfsetup/install/files/lib/http/middleware/VaryAcceptLanguage.class.php @@ -0,0 +1,57 @@ + + * @since 6.0 + */ +final class VaryAcceptLanguage implements MiddlewareInterface +{ + /** + * @inheritDoc + */ + public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface + { + // Do not set the header with a regular `\header()` call, because: + // (a) Any 'vary' in a controller is likely going to override the header, + // as $replace defaults to 'true', whereas 'vary' contains a *list* + // of items. + // (b) For the same reason we cannot use `\header_remove()` to delegate + // the logic to the PSR-7 response emitter, as we might also + // remove unrelated items. + // + // This is different to the other middlewares, because they use `withHeader`, + // thus overriding any existing header, instead of `withAddedHeader` to + // add a single item. + // + // Furthermore adding the `vary: accept-language` is not super necessary, + // because caching for responses might already be disabled. + // + // Thus we attach it to any PSR-7 responses on a best effort basis, the number + // of controllers returning a PSR-7 response is expected to grow over time. + + $response = $handler->handle($request); + + if ($response instanceof LegacyPlaceholderResponse) { + return $response; + } + + if (!WCF::getUser()->userID) { + return $response->withAddedHeader('vary', 'accept-language'); + } else { + return $response; + } + } +} diff --git a/wcfsetup/install/files/lib/system/request/RequestHandler.class.php b/wcfsetup/install/files/lib/system/request/RequestHandler.class.php index b2050ef007..ea52771780 100644 --- a/wcfsetup/install/files/lib/system/request/RequestHandler.class.php +++ b/wcfsetup/install/files/lib/system/request/RequestHandler.class.php @@ -29,6 +29,7 @@ use wcf\http\middleware\HandleValinorMappingErrors; use wcf\http\middleware\JsonBody; use wcf\http\middleware\PreventMimeSniffing; use wcf\http\middleware\TriggerBackgroundQueue; +use wcf\http\middleware\VaryAcceptLanguage; use wcf\http\middleware\Xsrf; use wcf\http\Pipeline; use wcf\http\StaticResponseHandler; @@ -128,6 +129,7 @@ final class RequestHandler extends SingletonFactory new EnforceCacheControlPrivate(), new EnforceNoCacheForTemporaryRedirects(), new EnforceFrameOptions(), + new VaryAcceptLanguage(), new CheckHttpMethod(), new Xsrf(), new CheckSystemEnvironment(), @@ -157,6 +159,7 @@ final class RequestHandler extends SingletonFactory new EnforceCacheControlPrivate(), new EnforceNoCacheForTemporaryRedirects(), new EnforceFrameOptions(), + new VaryAcceptLanguage(), ]); $response = $pipeline->process($psrRequest, $builtRequest); -- 2.20.1