1 common.inc _backdrop_should_strip_sensitive_headers_on_http_redirect($url, $location)

Determine whether to strip sensitive headers from a request when redirected.

Parameters

string $url: The url from the original outbound http request.

string $location: The location to which the request has been redirected.

Return value

boolean: Whether sensitive headers should be stripped from the request before following the redirect.

Related topics

HTTP handling Functions to properly handle HTTP responses.

File

core/includes/common.inc, line 1312
Common functions that many Backdrop modules will need to reference.

Code

function _backdrop_should_strip_sensitive_headers_on_http_redirect($url, $location) {
  $url_parsed = parse_url($url);
  $location_parsed = parse_url($location);
  if (!isset($location_parsed['host'])) {
    return FALSE;
  }
  $strip_on_host_change = config_get('system.core', 'backdrop_http_request.strip_sensitive_headers_on_host_change');
  $strip_on_https_downgrade = config_get('system.core', 'backdrop_http_request.strip_sensitive_headers_on_https_downgrade');
  if ($strip_on_host_change && strcasecmp($url_parsed['host'], $location_parsed['host']) !== 0) {
    return TRUE;
  }
  if ($strip_on_https_downgrade && $url_parsed['scheme'] !== $location_parsed['scheme'] && $location_parsed['scheme'] !== 'https') {
    return TRUE;
  }
  return FALSE;
}