function Request::getHost

Returns the host name.

This method can read the client host name from the "X-Forwarded-Host" header when trusted proxies were set via "setTrustedProxies()".

The "X-Forwarded-Host" header must contain the client host name.

Throws

SuspiciousOperationException when the host name is invalid or not trusted

1 call to Request::getHost()

Request::getHttpHost in vendor/symfony/http-foundation/Request.php

Returns the HTTP host being requested.

File

vendor/symfony/http-foundation/Request.php, line 1080

Class

Request

Request represents an HTTP request.

Namespace

Symfony\Component\HttpFoundation

Code

public function getHost() : string {
    if ($this->isFromTrustedProxy() && ($host = $this->getTrustedValues(self::HEADER_X_FORWARDED_HOST))) {
        $host = $host[0];
    }
    elseif (!($host = $this->headers
        ->get('HOST'))) {
        if (!($host = $this->server
            ->get('SERVER_NAME'))) {
            $host = $this->server
                ->get('SERVER_ADDR', '');
        }
    }
    // trim and remove port number from host
    // host is lowercase as per RFC 952/2181
    $host = strtolower(preg_replace('/:\\d+$/', '', trim($host)));
    // as the host can come from the user (HTTP_HOST and depending on the configuration, SERVER_NAME too can come from the user)
    // check that it does not contain forbidden characters (see RFC 952 and RFC 2181)
    // use preg_replace() instead of preg_match() to prevent DoS attacks with long host names
    if ($host && '' !== preg_replace('/(?:^\\[)?[a-zA-Z0-9-:\\]_]+\\.?/', '', $host)) {
        if (!$this->isHostValid) {
            return '';
        }
        $this->isHostValid = false;
        throw new SuspiciousOperationException(\sprintf('Invalid Host "%s".', $host));
    }
    if (\count(self::$trustedHostPatterns) > 0) {
        // to avoid host header injection attacks, you should provide a list of trusted host patterns
        if (\in_array($host, self::$trustedHosts, true)) {
            return $host;
        }
        foreach (self::$trustedHostPatterns as $pattern) {
            if (preg_match($pattern, $host)) {
                self::$trustedHosts[] = $host;
                return $host;
            }
        }
        if (!$this->isHostValid) {
            return '';
        }
        $this->isHostValid = false;
        throw new SuspiciousOperationException(\sprintf('Untrusted Host "%s".', $host));
    }
    return $host;
}