aidantwoods/SecureHeaders

Adding support for Psr-7

prisis opened this issue ยท 6 comments

Not all of use global function/variable's

If you like I can make a pr

Would this be so that SecureHeaders communicates with the PSR-7 defined interfaces, or an adapter for it to be the PSR-7 defined interface?

Like the idea from @franzliedke

Not sure whether this belongs here, but the issue is titled "Usage concerns", so I may as well expand the discussion... The way the library is currently set up, it might be hard to integrate into any modern PHP framework. That's because they typically do not use PHP's global request context methods (such as header and setcookie) directly, but instead operate on various abstractions of HTTP requests and responses.
Most notably, this would probably be PSR-7 requests/responses or the equivalents from Symfony's HttpFoundation component.

So, my first suggestion would be to split the configuration. generation and actual writing of the headers / cookies into separate classes: you'd have a factory that is used for configuring the headers, a class that creates the appropriate HTTP headers and cookies (only the strings) from that configuration, and finally an adapter that actually writes them to either a HTTP response object, or PHP's global functions.
We could then create different adapters for integration with frameworks / other projects: I'd suggest three implementations, for PSR-7, Symfony, as well as the header/setcookie functions

This might seem like overkill, but IMO it would greatly help in a) integratability (I might have made that word up), b) maintainability and c) testability.

And we can use it in all middlewares (PSR-15) ;)

Yup I definitely like that idea!

Feel free to make a PR ๐Ÿ˜„

Function you're looking to for is sendHeaders which makes the only two calls to PHPs header function.

If PR #17 gets merged, all you will need to do is provide another implementation of Aidantwoods\SecureHaders\Http\HttpAdapter. :)

PR #21 was merged - this will be in v2.0. :)

...meaning this issue can be closed. ๐Ÿ˜Ž