function _drupal_should_strip_sensitive_headers_on_http_redirect
Determine whether to strip sensitive headers from a request when redirected.
Parameters
string $url: The url from the original outbound http request.
string $location: The location to which the request has been redirected.
Return value
boolean Whether sensitive headers should be stripped from the request before following the redirect.
Related topics
5 calls to _drupal_should_strip_sensitive_headers_on_http_redirect()
- DrupalHTTPRedirectTest::testHostChange in modules/
simpletest/ tests/ common.test - DrupalHTTPRedirectTest::testHttpsDowngrade in modules/
simpletest/ tests/ common.test - DrupalHTTPRedirectTest::testNoHostChange in modules/
simpletest/ tests/ common.test - DrupalHTTPRedirectTest::testNoHttpsDowngrade in modules/
simpletest/ tests/ common.test - drupal_http_request in includes/
common.inc - Performs an HTTP request.
File
-
includes/
common.inc, line 1146
Code
function _drupal_should_strip_sensitive_headers_on_http_redirect($url, $location) {
$url_parsed = parse_url($url);
$location_parsed = parse_url($location);
if (!isset($location_parsed['host'])) {
return FALSE;
}
$strip_on_host_change = variable_get('drupal_http_request_strip_sensitive_headers_on_host_change', TRUE);
$strip_on_https_downgrade = variable_get('drupal_http_request_strip_sensitive_headers_on_https_downgrade', TRUE);
if ($strip_on_host_change && strcasecmp($url_parsed['host'], $location_parsed['host']) !== 0) {
return TRUE;
}
if ($strip_on_https_downgrade && $url_parsed['scheme'] !== $location_parsed['scheme'] && 'https' !== $location_parsed['scheme']) {
return TRUE;
}
return FALSE;
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.