Merge pull request #651 from flightphp/feat/request-servername

feat(request): Add servername property to Request class

Author: n0nag0n

flight/net/Request.php

@@ -33,6 +33,8 @@
  *   - **secure** - Connection is secure
  *   - **accept** - HTTP accept parameters
  *   - **proxy_ip** - Proxy IP address of the client
+ *   - **host** - The hostname from the request.
+ *   - **servername** - The server's hostname. See `$_SERVER['SERVER_NAME']`.
  */
 class Request
 {
@@ -126,6 +128,15 @@ class Request
      */
     public string $host;
 
+    /**
+     * Server name
+     *
+     * CAUTION: Note: Under Apache 2, UseCanonicalName = On and ServerName must be set.
+     * Otherwise, this value reflects the hostname supplied by the client, which can be spoofed.
+     * It is not safe to rely on this value in security-dependent contexts.
+     */
+    public string $servername;
+
     /**
      * Stream path for where to pull the request body from
      */
@@ -164,6 +175,7 @@ public function __construct(array $config = [])
                 'accept'     => self::getVar('HTTP_ACCEPT'),
                 'proxy_ip'   => self::getProxyIpAddress(),
                 'host'       => self::getVar('HTTP_HOST'),
+                'servername' => self::getVar('SERVER_NAME', ''),
             ];
         }
 

tests/RequestTest.php

@@ -23,6 +23,7 @@ protected function setUp(): void
         $_SERVER['REMOTE_ADDR'] = '8.8.8.8';
         $_SERVER['HTTP_X_FORWARDED_FOR'] = '32.32.32.32';
         $_SERVER['HTTP_HOST'] = 'example.com';
+        $_SERVER['SERVER_NAME'] = 'test.com';
         $_SERVER['CONTENT_TYPE'] = '';
 
         $_GET = [];
@@ -52,6 +53,7 @@ public function testDefaults(): void
         $this->assertFalse($this->request->secure);
         $this->assertEquals('', $this->request->accept);
         $this->assertEquals('example.com', $this->request->host);
+        $this->assertEquals('test.com', $this->request->servername);
     }
 
     public function testIpAddress(): void