rfc:request_response
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
rfc:request_response [2020/02/18 18:01] – add link to 2.x internals discussion pmjones | rfc:request_response [2020/04/03 17:42] – Update status peehaa | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: Server-Side Request and Response Objects ====== | ====== PHP RFC: Server-Side Request and Response Objects ====== | ||
- | * Version: 2.0 | + | * Version: 2.2 |
- | * Date: 2020-02-10 | + | * Date: 2020-03-17 |
* Author: Paul M. Jones, pmjones@pmjones.io | * Author: Paul M. Jones, pmjones@pmjones.io | ||
- | * Status: | + | * Status: |
* First Published at: [[http:// | * First Published at: [[http:// | ||
===== Introduction ===== | ===== Introduction ===== | ||
- | This RFC proposes an object-oriented approach around request and response functionality already existing in PHP, in order to reduce the global-state problems that come with superglobals and the various response-related functions. | + | This RFC proposes an object-oriented approach around request and response functionality already existing in PHP, in order to reduce the global |
The SQLite " | The SQLite " | ||
Line 17: | Line 17: | ||
===== Proposal ===== | ===== Proposal ===== | ||
- | This RFC proposes an extension to declare three new classes in the root namespace: | + | This RFC proposes an extension to declare three new classes |
- | * ServerRequest, composed of immutable read-only copies of PHP superglobals, | + | * SapiRequest, composed of immutable read-only copies of PHP superglobals, |
- | * ServerResponse, a buffer for response-related PHP functions | + | * SapiResponse and SapiResponseInterface, a buffer for response-related PHP functions |
- | * ServerResponseSender, to emit the ServerResponse | + | * SapiResponseSender, to emit the SapiResponse |
The full README, working code, and all tests are available at [[https:// | The full README, working code, and all tests are available at [[https:// | ||
Line 33: | Line 33: | ||
< | < | ||
- | Instead of the superglobal ... ... use ServerRequest: | + | Instead of the superglobal ... ... use SapiRequest: |
--------------------------------------- --------------------------------------- | --------------------------------------- --------------------------------------- | ||
$_COOKIE | $_COOKIE | ||
- | $_ENV | + | $_GET |
- | $_GET | + | $_GET[' |
- | $_GET[' | + | |
$_FILES | $_FILES | ||
- | $_POST | + | $_POST |
$_SERVER | $_SERVER | ||
$_SERVER[' | $_SERVER[' | ||
Line 46: | Line 45: | ||
$_SERVER[' | $_SERVER[' | ||
$_SERVER[' | $_SERVER[' | ||
- | $_SERVER[' | ||
$_SERVER[' | $_SERVER[' | ||
$_SERVER[' | $_SERVER[' | ||
$_SERVER[' | $_SERVER[' | ||
- | Instead of parsing ... ... use ServerRequest: | + | Instead of parsing ... ... use SapiRequest: |
--------------------------------------- --------------------------------------- | --------------------------------------- --------------------------------------- | ||
$_FILES to look more like $_POST | $_FILES to look more like $_POST | ||
Line 64: | Line 62: | ||
$_SERVER[' | $_SERVER[' | ||
- | Instead of emitting ... ... buffer with ServerResponse: | + | Instead of emitting ... ... buffer with SapiResponse: |
--------------------------------------- --------------------------------------- | --------------------------------------- --------------------------------------- | ||
header(' | header(' | ||
Line 74: | Line 72: | ||
echo $content; | echo $content; | ||
- | Instead of sending with ... ... send with ServerResponseSender: | + | Instead of sending with ... ... send with SapiResponseSender: |
--------------------------------------- --------------------------------------- | --------------------------------------- --------------------------------------- | ||
echo, header(), setcookie(), | echo, header(), setcookie(), | ||
Line 101: | Line 99: | ||
HttpFoundation provides a very wide range of functionality, | HttpFoundation provides a very wide range of functionality, | ||
- | As it happens, this proposal turns out to mimic a reduced subset of HttpFoundation functionality. The same subset is common to many userland implementations: | + | As it happens, this proposal turns out to mimic a reduced subset of HttpFoundation functionality. The same subset is common to many userland implementations: |
* a way to read the request-related superglobals such as $_GET, $_POST, etc. from an object; and, | * a way to read the request-related superglobals such as $_GET, $_POST, etc. from an object; and, | ||
Line 159: | Line 157: | ||
To reiterate, this proposal offers read-only properties on the request with consistent and reliable immutability of those values. The response object remains mutable. | To reiterate, this proposal offers read-only properties on the request with consistent and reliable immutability of those values. The response object remains mutable. | ||
+ | == Userland Availability, | ||
+ | |||
+ | (Copied, with light editing, from [[https:// | ||
+ | |||
+ | One common objection, with variations, has been: "There is a wider userland ecosystem that already performs the proposed | ||
+ | functions, with more capabilities, | ||
+ | |||
+ | The proposal authors recognize and understand the sentiment. The following counterargument, | ||
+ | |||
+ | When ext/pdo was added to core, there was already a "wider ecosystem that already performs these functions, with more capabilities, | ||
+ | |||
+ | PDO did not "add capabilities which do not or cannot exist in userland" | ||
+ | |||
+ | And yet, PDO has turned out to be of great benefit, because it brought together features into core that (figuratively speaking) everybody needed and was rewriting in userland over and over. | ||
+ | |||
+ | PDO is the strongest example here, but depending on how you count, there are 2-3 other extensions that also serve: ext/date, ext/phar, and (reaching back to antiquity) ext/ | ||
+ | |||
+ | So, there is a long history of widely-needed userland functionality being brought into core. This proposal is a pretty tame example of doing so; as presented, it is very similar to the way PHP itself already does things, just wrapped in object properties and methods, and is very similar to how things are being done across a wide swath of userland. | ||
+ | |||
+ | Now, it is possible that the above objection should have prevented PDO (et al.) from going into core. If that is the case, and (in hindsight) it was a mistake to allow them, then consistency alone makes the objection valid here as well. | ||
+ | |||
+ | However, if (in hindsight) it was not a mistake to allow those extensions, then the objection is not an especially strong argument against this RFC. That's not to say " | ||
=== Other Questions And Comments === | === Other Questions And Comments === | ||
- | Q: Does ServerRequest | + | Q: The proposal compares and contrasts with HttpFoundation and the various PSR-7 implementations; |
+ | |||
+ | A: See this message for a starting point: [[https:// | ||
+ | |||
+ | Q: Are these global single-instance objects? | ||
+ | |||
+ | A: No, you can create as many instances as you like, in whatever scopes you like. | ||
+ | |||
+ | Q: Do these objects replace the superglobals? | ||
+ | |||
+ | A: No. | ||
+ | |||
+ | Q: Do these objects deal with $_SESSION and the session functions? | ||
+ | |||
+ | A: No; it is explicitly out of scope for this RFC. | ||
+ | |||
+ | Q: Does SapiRequest | ||
- | A: Copies, made at instantiation time. Changes to `$_GET` after the ServerRequest | + | A: Copies, made at instantiation time. Changes to `$_GET` after the SapiRequest |
- | Q: Since the $get, $post etc. properties are the same as $_GET and $_POST, does that mean they retain the same name mangling scheme? | + | Q: Since the $query, $post etc. properties are the same as $_GET and $_POST, does that mean they retain the same name mangling scheme? |
- | A: They do; that is, ServerRequest | + | A: They do; that is, SapiRequest |
Q: Readonly properties are unusual for PHP. | Q: Readonly properties are unusual for PHP. | ||
- | A: Granted, though not unheard of. PdoStatement:: | + | A: Granted, though not unheard of. PdoStatement:: |
Q: Does this has any performance impact? | Q: Does this has any performance impact? | ||
Line 178: | Line 214: | ||
A: Compared to userland, probably greater performance, | A: Compared to userland, probably greater performance, | ||
- | Q: Why is ServerRequest | + | Q: Why is SapiRequest |
- | A: It makes sense that you would not want to change what you have received as a request; however, as you are in charge of creating the response, modifying it as needed seems reasonable. | + | A: It makes sense that you would not want to change what you have received as a request; however, as you are in charge of creating the response, modifying it as needed seems reasonable. Further, the " |
- | Q: Why is ServerRequest | + | Q: Why is SapiRequest |
A: It's an outgrowth of an asymmetry that already exists in PHP: $_GET, $_POST, et al. are properties representing the request, whereas header(), setcookie(), | A: It's an outgrowth of an asymmetry that already exists in PHP: $_GET, $_POST, et al. are properties representing the request, whereas header(), setcookie(), | ||
- | Q: Why not write (PSR-7|HttpFoundation|OtherImplementation) in C, instead of your own version? | + | Q: Why not write (PSR-7|HttpFoundation|OtherImplementation) in C, instead of your own version? |
A: This is not "my own version." | A: This is not "my own version." | ||
Line 196: | Line 232: | ||
Q: Does it support async? | Q: Does it support async? | ||
- | A: It supports async exactly as much as PHP itself does. | + | A: Async is not in scope for the proposed API. |
+ | |||
+ | Q: What would a migration path look like? | ||
+ | |||
+ | A: Something like the one outlined in the later portion of this message: [[https:// | ||
==== Changes From The 1.x Version ==== | ==== Changes From The 1.x Version ==== | ||
Line 202: | Line 242: | ||
Based on user feedback over the past couple of years, this proposal differs from the earlier 1.x version in the following substantial ways: | Based on user feedback over the past couple of years, this proposal differs from the earlier 1.x version in the following substantial ways: | ||
- | * Some users objected | + | * The " |
- | * The ServerRequest object no longer has the immutable application-related functionality represented by withInput(), | + | * Some users objected on principle |
- | * The ServerResponse | + | * The SapiRequest |
- | * ServerResponse | + | * The SapiResponse object |
- | * To address some concerns from an earlier round of discussion, all ServerResponse properties are now private, and all its methods are now final, though the class itself is not. This keeps the class open for extension but closed for modification. | + | * SapiResponse no longer has a self-sending capability. It was noted that to customize sending logic, you needed a custom SapiResponse object. As a result, the sending logic has been extracted to a SapiResponseSender |
- | * ServerResponse:: | + | * To address some concerns from an earlier round of discussion, all SapiResponse properties are now private, and all its methods are now final, though the class itself is not. This keeps the class open for extension but closed for modification. |
+ | |||
+ | * SapiResponse:: | ||
In all, these removals and changes bring the proposal much closer to PHP as-it-is. | In all, these removals and changes bring the proposal much closer to PHP as-it-is. | ||
Line 218: | Line 260: | ||
==== Open Questions ==== | ==== Open Questions ==== | ||
- | 1. Are the more appropriate names other than ServerRequest, | + | 1. Should these classes go into an existing extension, rather than one of their own? Or should they go into " |
- | + | ||
- | 2. Should these classes go into an existing extension, rather than one of their own? | + | |
- | + | ||
- | 3. ??? | + | |
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
- | Userland code that declares classes named ServerRequest, ServerResponse, or ServerReponseSender | + | Userland code that declares classes named SapiRequest, SapiResponse, or SapiReponseSender |
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
Line 284: | Line 321: | ||
===== References ===== | ===== References ===== | ||
- | |||
- | ==== Prior Discussions And Articles ==== | ||
1.x discussions: | 1.x discussions: | ||
Line 311: | Line 346: | ||
===== Rejected Features ===== | ===== Rejected Features ===== | ||
- | Keep this updated with features that were discussed | + | Add filter_input integration to SapiRequest. |
+ | |||
+ | Add .ini setting(s) to disable superglobals, | ||
+ | |||
+ | Add .ini setting(s) to disable response-related functions, and/or warn on their use. | ||
+ | |||
+ | Expand the number of classes provided, to allow for various SapiRequest-related value objects. | ||
+ | |||
+ | Provide builder and locking methods for SapiRequest. | ||
+ | |||
+ | Make the SapiRequest properties mutable. | ||
+ | |||
+ | Add a SapiResponse:: | ||
+ | |||
+ | Embed the PHP multipart/ | ||
+ | |||
+ | ===== Vote ===== | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
rfc/request_response.txt · Last modified: 2020/04/08 12:47 by pmjones