Comments (6)
Hi @mookman288
thats a nice starting point. What I completely dislike is, that we have to re-request the page inside the rules implementation.
As you pointed out, Guzzle does not seem to provide those infos, so we have to think how we can retrieve those information during the inital request. Maybe Guzzle is the wrong library here. I do not stick with it, if there is an adequate substitute.
Any suggestions?
PS: I moved the comment from the PR, since it is more obvious to find a general discussion on the issue board, than to search in some PRs.
from kickoff.
@frickelbruder I believe that stream_context doesn't actually make a second request:
http://stackoverflow.com/a/3081093/1617361
EDIT: This option is better since it doesn't actually make the HTTP request and does not require allow_url_fopen:
The downside is, as I illustrated, limited amount of information and a need to override PHP warnings.
Guzzle does provide the information that you need, it's just the way you've written your software, you're making the request automatically before the rule is even run.
If you, instead, made it so the rule can specify whether it should automatically make a guzzle request, we can go head and try and query for the certificate itself:
http://stackoverflow.com/a/28516592/1617361
from kickoff.
I'm quite sure stream_socket_client opens a new connection:
http://php.net/manual/de/function.stream-socket-client.php
stream_socket_client — Open Internet or Unix domain socket connection
But as far as I understand, the page content would not be downloaded by the script, because you need to fread the content, which your Rule didn't.
Anyway:
Guzzle does provide the information that you need
How could I retrieve them, if I would fetch those information directly in the HTTPRequester (besides removing verify=false and break all other tests instantly)?
from kickoff.
https://docs.aws.amazon.com/aws-sdk-php/v2/api/class-Guzzle.Http.Curl.CurlHandle.html#_getInfo
You can use CURLINFO_CERTINFO
as your constant with the getInfo function in Guzzle.
That would allow you to then use the x509 openssl functions in PHP.
EDIT: I suggest allowing us to specify this outside of the rule, because you don't want to do extra work on every request.
from kickoff.
This looks great, but it would limit us to Guzzle’s cURL handler since the Stream handler doesn’t seem to support that.
Also, the ‘vanilla’ cURL handler only returns that information for failed requests and not in general. If the request already failed we don’t really need the certificate anymore, though.
from kickoff.
There is now a simple SSL check rule implemented.
Thanks @hanzi
from kickoff.
Related Issues (19)
- Add Twitter card tag rule
- Add Rule to check for x-ua-compatible="ie=edge"
- Beautify console output HOT 3
- SEO site review using sitemap.xml file HOT 3
- Add apple-touch-icon Rule
- HttpResponseBody implicitly uses UTF-8 as default charset, but shouldn't
- Proposed changes to the config file format HOT 3
- Meta name="generator" not present rule
- Add CSP-Rule
- Add rulesets HOT 3
- Allow target: path: to be an array
- Allow Basic Auth credentials in URI
- Add Access-Control-Allow-Origin header
- Add Rule to check existence of imprint link HOT 1
- New command to perform basic security check
- New command to perform basic SEO check HOT 2
- New command to perform basic performance check
- Readme.md needs improvement HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kickoff.