FastRoute falls back to GET on HEAD request

[garnold]

We were trying to figure out why HEAD requests from bots were making their way into our controllers. Then we discovered that FastRoute falls back to GET on HEAD requests.

This is unexpected.

Related, I've noticed a number of issues where Slim users are requesting an $app->head(...) shortcut be added to Slim, and the response is often to use $app->map(['HEAD'], ...) instead. But given FastRoute's fallback you can just use $app->get(...) to handle HEAD requests. So my guess is this fallback behavior isn't well known in the Slim community.

[geggleto]

Hmm, HEAD should be GET just w/o a response body.

[damianopetrungaro]

As @geggleto said: https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.4

[akrabat]

Do we correctly ditch the body when it's a HEAD?

[designermonkey]

I'm not sure we do from a quick glance. We have the isEmpty method on a Response, but I can't see where we would check the Request to see if it is a HEAD request.

[akrabat]

Todo:

1. make sure that the user can detect a HEAD request inside the route callable that's attached to a GET request
2. Ensure that we don't send the request body if it's a HEAD request.

[akrabat]

Addressed in #2547

[akrabat]

Re-opening - 3.x needs checking.

[lordrhodos]

I did some research for the 3.x code.

Todo:

1. make sure that the user can detect a HEAD request inside the route callable that's attached to a GET request

As the PSR-7 request is passed to the callable it is no problem to check manually if this is actually a HEAD request, e.g.

$app->get('/', function (Request $request, Response $response, array $args) {
...
    $isHeadMethod = $request->getMethod() === 'HEAD';
...
});

2. Ensure that we don't send the request body if it's a HEAD request.

This is kind of tricky. The mentioned Response::isEmpty method just checks for a response status code that should not contain a body:

Slim/Slim/Http/Response.php

Lines 376 to 382 in 715d130

	public function isEmpty()
	{
	return in_array(
	$this->getStatusCode(),
	[StatusCode::HTTP_NO_CONTENT, StatusCode::HTTP_RESET_CONTENT, StatusCode::HTTP_NOT_MODIFIED]
	);
	}

I think we need to integrate this at Slim\App::isEmptyResponse and add a check if we are dealing with a HEAD request, which will leave us with another fix that we need to attend here:

Slim/Slim/App.php

Lines 617 to 619 in 715d130

	if ($this->isEmptyResponse($response)) {
	return $response->withoutHeader('Content-Type')->withoutHeader('Content-Length');
	}

Here we need to check if this is not a HEAD request before returning a response with removed headers.

[l0gicgate]

Fixed with #2547 for Slim 4 and #2576 for Slim 3