You are here

Home » API reference » Zircon Profile 8.0 » Request.php » Request

public function Request::getHost in Zircon Profile 8.0

Same name and namespace in other branches
  1. 8 vendor/symfony/http-foundation/Request.php \Symfony\Component\HttpFoundation\Request::getHost()

Returns the host name.

This method can read the client host name from the "X-Forwarded-Host" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Host" header must contain the client host name.

If your reverse proxy uses a different header name than "X-Forwarded-Host", configure it via "setTrustedHeaderName()" with the "client-host" key.

Return value

string

Throws

\UnexpectedValueException when the host name is invalid

1 call to Request::getHost()
Request::getHttpHost in vendor/symfony/http-foundation/Request.php
Returns the HTTP host being requested.

File

vendor/symfony/http-foundation/Request.php, line 1205

Class

Request
Request represents an HTTP request.

Namespace

Symfony\Component\HttpFoundation

Code

public function getHost() {
  if ($this
    ->isFromTrustedProxy() && self::$trustedHeaders[self::HEADER_CLIENT_HOST] && ($host = $this->headers
    ->get(self::$trustedHeaders[self::HEADER_CLIENT_HOST]))) {
    $elements = explode(',', $host);
    $host = $elements[count($elements) - 1];
  }
  elseif (!($host = $this->headers
    ->get('HOST'))) {
    if (!($host = $this->server
      ->get('SERVER_NAME'))) {
      $host = $this->server
        ->get('SERVER_ADDR', '');
    }
  }

  // trim and remove port number from host
  // host is lowercase as per RFC 952/2181
  $host = strtolower(preg_replace('/:\\d+$/', '', trim($host)));

  // as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
  // check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
  // use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
  if ($host && '' !== preg_replace('/(?:^\\[)?[a-zA-Z0-9-:\\]_]+\\.?/', '', $host)) {
    throw new \UnexpectedValueException(sprintf('Invalid Host "%s"', $host));
  }
  if (count(self::$trustedHostPatterns) > 0) {

    // to avoid host header injection attacks, you should provide a list of trusted host patterns
    if (in_array($host, self::$trustedHosts)) {
      return $host;
    }
    foreach (self::$trustedHostPatterns as $pattern) {
      if (preg_match($pattern, $host)) {
        self::$trustedHosts[] = $host;
        return $host;
      }
    }
    throw new \UnexpectedValueException(sprintf('Untrusted Host "%s"', $host));
  }
  return $host;
}