function _drupal_should_strip_sensitive_headers_on_http_redirect

Determine whether to strip sensitive headers from a request when redirected.

Parameters

string $url: The url from the original outbound http request.

string $location: The location to which the request has been redirected.

Return value

boolean Whether sensitive headers should be stripped from the request before following the redirect.

Related topics

HTTP handling
Functions to properly handle HTTP responses.
5 calls to _drupal_should_strip_sensitive_headers_on_http_redirect()
DrupalHTTPRedirectTest::testHostChange in modules/simpletest/tests/common.test
DrupalHTTPRedirectTest::testHttpsDowngrade in modules/simpletest/tests/common.test
DrupalHTTPRedirectTest::testNoHostChange in modules/simpletest/tests/common.test
DrupalHTTPRedirectTest::testNoHttpsDowngrade in modules/simpletest/tests/common.test
drupal_http_request in includes/common.inc
Performs an HTTP request.

File

includes/common.inc, line 1146

Code

function _drupal_should_strip_sensitive_headers_on_http_redirect($url, $location) {
    $url_parsed = parse_url($url);
    $location_parsed = parse_url($location);
    if (!isset($location_parsed['host'])) {
        return FALSE;
    }
    $strip_on_host_change = variable_get('drupal_http_request_strip_sensitive_headers_on_host_change', TRUE);
    $strip_on_https_downgrade = variable_get('drupal_http_request_strip_sensitive_headers_on_https_downgrade', TRUE);
    if ($strip_on_host_change && strcasecmp($url_parsed['host'], $location_parsed['host']) !== 0) {
        return TRUE;
    }
    if ($strip_on_https_downgrade && $url_parsed['scheme'] !== $location_parsed['scheme'] && 'https' !== $location_parsed['scheme']) {
        return TRUE;
    }
    return FALSE;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.