HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value. Whitespace before the value is ignored.
See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Each header field consists of a case-insensitive field name followed by a colon (":"), optional leading whitespace, the field value, and optional trailing whitespace.
Version
4.3.0
What did you expect to happen?
I expected a response with status code 200.
What actually happens?
I got an ErrorException:
Undefined array key 1
.The exception happens on this line: https://github.com/roots/acorn/blob/dce6d72c0f9eb1000cc0bc73e22cc2958cb08271/src/Roots/Acorn/Application/Concerns/Bootable.php#L146
It's triggered by the wp-seopress plugin because it adds the header
x-robots-tag:noindex, follow
(note the missing whitespace after the colon). Here's the source line from the plugin: https://github.com/wp-seopress/wp-seopress-public/blob/d0d5c0cebc4cf238a96e7a3163fa7260aec43c32/src/Services/Sitemap/Headers.php#L23MDN specifies
Here's the related RFC section: https://datatracker.ietf.org/doc/html/rfc7230#section-3.2
A previous RFC included more whitespace characters than the current RFC: https://datatracker.ietf.org/doc/html/rfc2616#section-4.2 So I think using PHPs ltrim function should be fine.
I suggest to update the Acorn code from
I'm not sure if we even should use
trim
to also trim the optional trailing whitespace. I think we can ignore it.Steps to reproduce
Send a custom header without a space after the colon.
I can do this in my project by adding a
header-bug.php
with the following contents inside mymu-plugins
folder:System info
No response
Log output
No response
Please confirm this isn't a support request.
Yes