vendor/symfony/http-client/CurlHttpClient.php line 94

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\HttpClient;
  14. use Psr\Log\LoggerAwareInterface;
  15. use Psr\Log\LoggerInterface;
  16. use Symfony\Component\HttpClient\Exception\InvalidArgumentException;
  17. use Symfony\Component\HttpClient\Exception\TransportException;
  18. use Symfony\Component\HttpClient\Internal\CurlClientState;
  19. use Symfony\Component\HttpClient\Internal\PushedResponse;
  20. use Symfony\Component\HttpClient\Response\CurlResponse;
  21. use Symfony\Component\HttpClient\Response\ResponseStream;
  22. use Symfony\Contracts\HttpClient\HttpClientInterface;
  23. use Symfony\Contracts\HttpClient\ResponseInterface;
  24. use Symfony\Contracts\HttpClient\ResponseStreamInterface;
  25. use Symfony\Contracts\Service\ResetInterface;
  27. /**
  28.  * A performant implementation of the HttpClientInterface contracts based on the curl extension.
  29.  *
  30.  * This provides fully concurrent HTTP requests, with transparent
  31.  * HTTP/2 push when a curl version that supports it is installed.
  32.  *
  33.  * @author Nicolas Grekas <p@tchwork.com>
  34.  */
  35. final class CurlHttpClient implements HttpClientInterfaceLoggerAwareInterfaceResetInterface
  36. {
  37.     use HttpClientTrait;
  39.     private $defaultOptions self::OPTIONS_DEFAULTS + [
  40.         'auth_ntlm' => null// array|string - an array containing the username as first value, and optionally the
  41.                              //   password as the second one; or string like username:password - enabling NTLM auth
  42.         'extra' => [
  43.             'curl' => [],    // A list of extra curl options indexed by their corresponding CURLOPT_*
  44.         ],
  45.     ];
  46.     private static $emptyDefaults self::OPTIONS_DEFAULTS + ['auth_ntlm' => null];
  48.     /**
  49.      * @var LoggerInterface|null
  50.      */
  51.     private $logger;
  53.     /**
  54.      * An internal object to share state between the client and its responses.
  55.      *
  56.      * @var CurlClientState
  57.      */
  58.     private $multi;
  60.     /**
  61.      * @param array $defaultOptions     Default request's options
  62.      * @param int   $maxHostConnections The maximum number of connections to a single host
  63.      * @param int   $maxPendingPushes   The maximum number of pushed responses to accept in the queue
  64.      *
  65.      * @see HttpClientInterface::OPTIONS_DEFAULTS for available options
  66.      */
  67.     public function __construct(array $defaultOptions = [], int $maxHostConnections 6int $maxPendingPushes 50)
  68.     {
  69.         if (!\extension_loaded('curl')) {
  70.             throw new \LogicException('You cannot use the "Symfony\Component\HttpClient\CurlHttpClient" as the "curl" extension is not installed.');
  71.         }
  73.         $this->defaultOptions['buffer'] = $this->defaultOptions['buffer'] ?? \Closure::fromCallable([__CLASS__'shouldBuffer']);
  75.         if ($defaultOptions) {
  76.             [, $this->defaultOptions] = self::prepareRequest(nullnull$defaultOptions$this->defaultOptions);
  77.         }
  79.         $this->multi = new CurlClientState($maxHostConnections$maxPendingPushes);
  80.     }
  82.     public function setLogger(LoggerInterface $logger): void
  83.     {
  84.         $this->logger $this->multi->logger $logger;
  85.     }
  87.     /**
  88.      * @see HttpClientInterface::OPTIONS_DEFAULTS for available options
  89.      *
  90.      * {@inheritdoc}
  91.      */
  92.     public function request(string $methodstring $url, array $options = []): ResponseInterface
  93.     {
  94.         [$url$options] = self::prepareRequest($method$url$options$this->defaultOptions);
  95.         $scheme $url['scheme'];
  96.         $authority $url['authority'];
  97.         $host parse_url($authority\PHP_URL_HOST);
  98.         $proxy $options['proxy']
  99.             ?? ('https:' === $url['scheme'] ? $_SERVER['https_proxy'] ?? $_SERVER['HTTPS_PROXY'] ?? null null)
  100.             // Ignore HTTP_PROXY except on the CLI to work around httpoxy set of vulnerabilities
  101.             ?? $_SERVER['http_proxy'] ?? (\in_array(\PHP_SAPI, ['cli''phpdbg'], true) ? $_SERVER['HTTP_PROXY'] ?? null null) ?? $_SERVER['all_proxy'] ?? $_SERVER['ALL_PROXY'] ?? null;
  102.         $url implode(''$url);
  104.         if (!isset($options['normalized_headers']['user-agent'])) {
  105.             $options['headers'][] = 'User-Agent: Symfony HttpClient/Curl';
  106.         }
  108.         $curlopts = [
  109.             \CURLOPT_URL => $url,
  110.             \CURLOPT_TCP_NODELAY => true,
  111.             \CURLOPT_PROTOCOLS => \CURLPROTO_HTTP \CURLPROTO_HTTPS,
  112.             \CURLOPT_REDIR_PROTOCOLS => \CURLPROTO_HTTP \CURLPROTO_HTTPS,
  113.             \CURLOPT_FOLLOWLOCATION => true,
  114.             \CURLOPT_MAXREDIRS => $options['max_redirects'] ? $options['max_redirects'] : 0,
  115.             \CURLOPT_COOKIEFILE => ''// Keep track of cookies during redirects
  116.             \CURLOPT_TIMEOUT => 0,
  117.             \CURLOPT_PROXY => $proxy,
  118.             \CURLOPT_NOPROXY => $options['no_proxy'] ?? $_SERVER['no_proxy'] ?? $_SERVER['NO_PROXY'] ?? '',
  119.             \CURLOPT_SSL_VERIFYPEER => $options['verify_peer'],
  120.             \CURLOPT_SSL_VERIFYHOST => $options['verify_host'] ? 0,
  121.             \CURLOPT_CAINFO => $options['cafile'],
  122.             \CURLOPT_CAPATH => $options['capath'],
  123.             \CURLOPT_SSL_CIPHER_LIST => $options['ciphers'],
  124.             \CURLOPT_SSLCERT => $options['local_cert'],
  125.             \CURLOPT_SSLKEY => $options['local_pk'],
  126.             \CURLOPT_KEYPASSWD => $options['passphrase'],
  127.             \CURLOPT_CERTINFO => $options['capture_peer_cert_chain'],
  128.         ];
  130.         if (1.0 === (float) $options['http_version']) {
  131.             $curlopts[\CURLOPT_HTTP_VERSION] = \CURL_HTTP_VERSION_1_0;
  132.         } elseif (1.1 === (float) $options['http_version']) {
  133.             $curlopts[\CURLOPT_HTTP_VERSION] = \CURL_HTTP_VERSION_1_1;
  134.         } elseif (\defined('CURL_VERSION_HTTP2') && (\CURL_VERSION_HTTP2 CurlClientState::$curlVersion['features']) && ('https:' === $scheme || 2.0 === (float) $options['http_version'])) {
  135.             $curlopts[\CURLOPT_HTTP_VERSION] = \CURL_HTTP_VERSION_2_0;
  136.         }
  138.         if (isset($options['auth_ntlm'])) {
  139.             $curlopts[\CURLOPT_HTTPAUTH] = \CURLAUTH_NTLM;
  140.             $curlopts[\CURLOPT_HTTP_VERSION] = \CURL_HTTP_VERSION_1_1;
  142.             if (\is_array($options['auth_ntlm'])) {
  143.                 $count \count($options['auth_ntlm']);
  144.                 if ($count <= || $count 2) {
  145.                     throw new InvalidArgumentException(sprintf('Option "auth_ntlm" must contain 1 or 2 elements, %d given.'$count));
  146.                 }
  148.                 $options['auth_ntlm'] = implode(':'$options['auth_ntlm']);
  149.             }
  151.             if (!\is_string($options['auth_ntlm'])) {
  152.                 throw new InvalidArgumentException(sprintf('Option "auth_ntlm" must be a string or an array, "%s" given.'get_debug_type($options['auth_ntlm'])));
  153.             }
  155.             $curlopts[\CURLOPT_USERPWD] = $options['auth_ntlm'];
  156.         }
  158.         if (!\ZEND_THREAD_SAFE) {
  159.             $curlopts[\CURLOPT_DNS_USE_GLOBAL_CACHE] = false;
  160.         }
  162.         if (\defined('CURLOPT_HEADEROPT') && \defined('CURLHEADER_SEPARATE')) {
  163.             $curlopts[\CURLOPT_HEADEROPT] = \CURLHEADER_SEPARATE;
  164.         }
  166.         // curl's resolve feature varies by host:port but ours varies by host only, let's handle this with our own DNS map
  167.         if (isset($this->multi->dnsCache->hostnames[$host])) {
  168.             $options['resolve'] += [$host => $this->multi->dnsCache->hostnames[$host]];
  169.         }
  171.         if ($options['resolve'] || $this->multi->dnsCache->evictions) {
  172.             // First reset any old DNS cache entries then add the new ones
  173.             $resolve $this->multi->dnsCache->evictions;
  174.             $this->multi->dnsCache->evictions = [];
  175.             $port parse_url($authority\PHP_URL_PORT) ?: ('http:' === $scheme 80 443);
  177.             if ($resolve && 0x072A00 CurlClientState::$curlVersion['version_number']) {
  178.                 // DNS cache removals require curl 7.42 or higher
  179.                 $this->multi->reset();
  180.             }
  182.             foreach ($options['resolve'] as $host => $ip) {
  183.                 $resolve[] = null === $ip "-$host:$port"$host:$port:$ip";
  184.                 $this->multi->dnsCache->hostnames[$host] = $ip;
  185.                 $this->multi->dnsCache->removals["-$host:$port"] = "-$host:$port";
  186.             }
  188.             $curlopts[\CURLOPT_RESOLVE] = $resolve;
  189.         }
  191.         if ('POST' === $method) {
  192.             // Use CURLOPT_POST to have browser-like POST-to-GET redirects for 301, 302 and 303
  193.             $curlopts[\CURLOPT_POST] = true;
  194.         } elseif ('HEAD' === $method) {
  195.             $curlopts[\CURLOPT_NOBODY] = true;
  196.         } else {
  197.             $curlopts[\CURLOPT_CUSTOMREQUEST] = $method;
  198.         }
  200.         if ('\\' !== \DIRECTORY_SEPARATOR && $options['timeout'] < 1) {
  201.             $curlopts[\CURLOPT_NOSIGNAL] = true;
  202.         }
  204.         if (\extension_loaded('zlib') && !isset($options['normalized_headers']['accept-encoding'])) {
  205.             $options['headers'][] = 'Accept-Encoding: gzip'// Expose only one encoding, some servers mess up when more are provided
  206.         }
  208.         foreach ($options['headers'] as $header) {
  209.             if (':' === $header[-2] && \strlen($header) - === strpos($header': ')) {
  210.                 // curl requires a special syntax to send empty headers
  211.                 $curlopts[\CURLOPT_HTTPHEADER][] = substr_replace($header';', -2);
  212.             } else {
  213.                 $curlopts[\CURLOPT_HTTPHEADER][] = $header;
  214.             }
  215.         }
  217.         // Prevent curl from sending its default Accept and Expect headers
  218.         foreach (['accept''expect'] as $header) {
  219.             if (!isset($options['normalized_headers'][$header][0])) {
  220.                 $curlopts[\CURLOPT_HTTPHEADER][] = $header.':';
  221.             }
  222.         }
  224.         if (!\is_string($body $options['body'])) {
  225.             if (\is_resource($body)) {
  226.                 $curlopts[\CURLOPT_INFILE] = $body;
  227.             } else {
  228.                 $eof false;
  229.                 $buffer '';
  230.                 $curlopts[\CURLOPT_READFUNCTION] = static function ($ch$fd$length) use ($body, &$buffer, &$eof) {
  231.                     return self::readRequestBody($length$body$buffer$eof);
  232.                 };
  233.             }
  235.             if (isset($options['normalized_headers']['content-length'][0])) {
  236.                 $curlopts[\CURLOPT_INFILESIZE] = substr($options['normalized_headers']['content-length'][0], \strlen('Content-Length: '));
  237.             } elseif (!isset($options['normalized_headers']['transfer-encoding'])) {
  238.                 $curlopts[\CURLOPT_HTTPHEADER][] = 'Transfer-Encoding: chunked'// Enable chunked request bodies
  239.             }
  241.             if ('POST' !== $method) {
  242.                 $curlopts[\CURLOPT_UPLOAD] = true;
  244.                 if (!isset($options['normalized_headers']['content-type'])) {
  245.                     $curlopts[\CURLOPT_HTTPHEADER][] = 'Content-Type: application/x-www-form-urlencoded';
  246.                 }
  247.             }
  248.         } elseif ('' !== $body || 'POST' === $method) {
  249.             $curlopts[\CURLOPT_POSTFIELDS] = $body;
  250.         }
  252.         if ($options['peer_fingerprint']) {
  253.             if (!isset($options['peer_fingerprint']['pin-sha256'])) {
  254.                 throw new TransportException(__CLASS__.' supports only "pin-sha256" fingerprints.');
  255.             }
  257.             $curlopts[\CURLOPT_PINNEDPUBLICKEY] = 'sha256//'.implode(';sha256//'$options['peer_fingerprint']['pin-sha256']);
  258.         }
  260.         if ($options['bindto']) {
  261.             if (file_exists($options['bindto'])) {
  262.                 $curlopts[\CURLOPT_UNIX_SOCKET_PATH] = $options['bindto'];
  263.             } elseif (!str_starts_with($options['bindto'], 'if!') && preg_match('/^(.*):(\d+)$/'$options['bindto'], $matches)) {
  264.                 $curlopts[\CURLOPT_INTERFACE] = $matches[1];
  265.                 $curlopts[\CURLOPT_LOCALPORT] = $matches[2];
  266.             } else {
  267.                 $curlopts[\CURLOPT_INTERFACE] = $options['bindto'];
  268.             }
  269.         }
  271.         if ($options['max_duration']) {
  272.             $curlopts[\CURLOPT_TIMEOUT_MS] = 1000 $options['max_duration'];
  273.         }
  275.         if (!empty($options['extra']['curl']) && \is_array($options['extra']['curl'])) {
  276.             $this->validateExtraCurlOptions($options['extra']['curl']);
  277.             $curlopts += $options['extra']['curl'];
  278.         }
  280.         if ($pushedResponse $this->multi->pushedResponses[$url] ?? null) {
  281.             unset($this->multi->pushedResponses[$url]);
  283.             if (self::acceptPushForRequest($method$options$pushedResponse)) {
  284.                 $this->logger && $this->logger->debug(sprintf('Accepting pushed response: "%s %s"'$method$url));
  286.                 // Reinitialize the pushed response with request's options
  287.                 $ch $pushedResponse->handle;
  288.                 $pushedResponse $pushedResponse->response;
  289.                 $pushedResponse->__construct($this->multi$url$options$this->logger);
  290.             } else {
  291.                 $this->logger && $this->logger->debug(sprintf('Rejecting pushed response: "%s"'$url));
  292.                 $pushedResponse null;
  293.             }
  294.         }
  296.         if (!$pushedResponse) {
  297.             $ch curl_init();
  298.             $this->logger && $this->logger->info(sprintf('Request: "%s %s"'$method$url));
  299.             $curlopts += [\CURLOPT_SHARE => $this->multi->share];
  300.         }
  302.         foreach ($curlopts as $opt => $value) {
  303.             if (null !== $value && !curl_setopt($ch$opt$value) && \CURLOPT_CERTINFO !== $opt && (!\defined('CURLOPT_HEADEROPT') || \CURLOPT_HEADEROPT !== $opt)) {
  304.                 $constantName $this->findConstantName($opt);
  305.                 throw new TransportException(sprintf('Curl option "%s" is not supported.'$constantName ?? $opt));
  306.             }
  307.         }
  309.         return $pushedResponse ?? new CurlResponse($this->multi$ch$options$this->logger$methodself::createRedirectResolver($options$host), CurlClientState::$curlVersion['version_number']);
  310.     }
  312.     /**
  313.      * {@inheritdoc}
  314.      */
  315.     public function stream($responsesfloat $timeout null): ResponseStreamInterface
  316.     {
  317.         if ($responses instanceof CurlResponse) {
  318.             $responses = [$responses];
  319.         } elseif (!is_iterable($responses)) {
  320.             throw new \TypeError(sprintf('"%s()" expects parameter 1 to be an iterable of CurlResponse objects, "%s" given.'__METHOD__get_debug_type($responses)));
  321.         }
  323.         if (\is_resource($this->multi->handle) || $this->multi->handle instanceof \CurlMultiHandle) {
  324.             $active 0;
  325.             while (\CURLM_CALL_MULTI_PERFORM === curl_multi_exec($this->multi->handle$active)) {
  326.             }
  327.         }
  329.         return new ResponseStream(CurlResponse::stream($responses$timeout));
  330.     }
  332.     public function reset()
  333.     {
  334.         $this->multi->reset();
  335.     }
  337.     /**
  338.      * Accepts pushed responses only if their headers related to authentication match the request.
  339.      */
  340.     private static function acceptPushForRequest(string $method, array $optionsPushedResponse $pushedResponse): bool
  341.     {
  342.         if ('' !== $options['body'] || $method !== $pushedResponse->requestHeaders[':method'][0]) {
  343.             return false;
  344.         }
  346.         foreach (['proxy''no_proxy''bindto''local_cert''local_pk'] as $k) {
  347.             if ($options[$k] !== $pushedResponse->parentOptions[$k]) {
  348.                 return false;
  349.             }
  350.         }
  352.         foreach (['authorization''cookie''range''proxy-authorization'] as $k) {
  353.             $normalizedHeaders $options['normalized_headers'][$k] ?? [];
  354.             foreach ($normalizedHeaders as $i => $v) {
  355.                 $normalizedHeaders[$i] = substr($v\strlen($k) + 2);
  356.             }
  358.             if (($pushedResponse->requestHeaders[$k] ?? []) !== $normalizedHeaders) {
  359.                 return false;
  360.             }
  361.         }
  363.         return true;
  364.     }
  366.     /**
  367.      * Wraps the request's body callback to allow it to return strings longer than curl requested.
  368.      */
  369.     private static function readRequestBody(int $length\Closure $bodystring &$bufferbool &$eof): string
  370.     {
  371.         if (!$eof && \strlen($buffer) < $length) {
  372.             if (!\is_string($data $body($length))) {
  373.                 throw new TransportException(sprintf('The return value of the "body" option callback must be a string, "%s" returned.'get_debug_type($data)));
  374.             }
  376.             $buffer .= $data;
  377.             $eof '' === $data;
  378.         }
  380.         $data substr($buffer0$length);
  381.         $buffer substr($buffer$length);
  383.         return $data;
  384.     }
  386.     /**
  387.      * Resolves relative URLs on redirects and deals with authentication headers.
  388.      *
  389.      * Work around CVE-2018-1000007: Authorization and Cookie headers should not follow redirects - fixed in Curl 7.64
  390.      */
  391.     private static function createRedirectResolver(array $optionsstring $host): \Closure
  392.     {
  393.         $redirectHeaders = [];
  394.         if ($options['max_redirects']) {
  395.             $redirectHeaders['host'] = $host;
  396.             $redirectHeaders['with_auth'] = $redirectHeaders['no_auth'] = array_filter($options['headers'], static function ($h) {
  397.                 return !== stripos($h'Host:');
  398.             });
  400.             if (isset($options['normalized_headers']['authorization'][0]) || isset($options['normalized_headers']['cookie'][0])) {
  401.                 $redirectHeaders['no_auth'] = array_filter($options['headers'], static function ($h) {
  402.                     return !== stripos($h'Authorization:') && !== stripos($h'Cookie:');
  403.                 });
  404.             }
  405.         }
  407.         return static function ($chstring $locationbool $noContent) use (&$redirectHeaders) {
  408.             try {
  409.                 $location self::parseUrl($location);
  410.             } catch (InvalidArgumentException $e) {
  411.                 return null;
  412.             }
  414.             if ($noContent && $redirectHeaders) {
  415.                 $filterContentHeaders = static function ($h) {
  416.                     return !== stripos($h'Content-Length:') && !== stripos($h'Content-Type:') && !== stripos($h'Transfer-Encoding:');
  417.                 };
  418.                 $redirectHeaders['no_auth'] = array_filter($redirectHeaders['no_auth'], $filterContentHeaders);
  419.                 $redirectHeaders['with_auth'] = array_filter($redirectHeaders['with_auth'], $filterContentHeaders);
  420.             }
  422.             if ($redirectHeaders && $host parse_url('http:'.$location['authority'], \PHP_URL_HOST)) {
  423.                 $requestHeaders $redirectHeaders['host'] === $host $redirectHeaders['with_auth'] : $redirectHeaders['no_auth'];
  424.                 curl_setopt($ch\CURLOPT_HTTPHEADER$requestHeaders);
  425.             } elseif ($noContent && $redirectHeaders) {
  426.                 curl_setopt($ch\CURLOPT_HTTPHEADER$redirectHeaders['with_auth']);
  427.             }
  429.             $url self::parseUrl(curl_getinfo($ch\CURLINFO_EFFECTIVE_URL));
  430.             $url self::resolveUrl($location$url);
  432.             curl_setopt($ch\CURLOPT_PROXY$options['proxy']
  433.                 ?? ('https:' === $url['scheme'] ? $_SERVER['https_proxy'] ?? $_SERVER['HTTPS_PROXY'] ?? null null)
  434.                 // Ignore HTTP_PROXY except on the CLI to work around httpoxy set of vulnerabilities
  435.                 ?? $_SERVER['http_proxy'] ?? (\in_array(\PHP_SAPI, ['cli''phpdbg'], true) ? $_SERVER['HTTP_PROXY'] ?? null null) ?? $_SERVER['all_proxy'] ?? $_SERVER['ALL_PROXY'] ?? null
  436.             );
  438.             return implode(''$url);
  439.         };
  440.     }
  442.     private function findConstantName(int $opt): ?string
  443.     {
  444.         $constants array_filter(get_defined_constants(), static function ($v$k) use ($opt) {
  445.             return $v === $opt && 'C' === $k[0] && (str_starts_with($k'CURLOPT_') || str_starts_with($k'CURLINFO_'));
  446.         }, \ARRAY_FILTER_USE_BOTH);
  448.         return key($constants);
  449.     }
  451.     /**
  452.      * Prevents overriding options that are set internally throughout the request.
  453.      */
  454.     private function validateExtraCurlOptions(array $options): void
  455.     {
  456.         $curloptsToConfig = [
  457.             // options used in CurlHttpClient
  458.             \CURLOPT_HTTPAUTH => 'auth_ntlm',
  459.             \CURLOPT_USERPWD => 'auth_ntlm',
  460.             \CURLOPT_RESOLVE => 'resolve',
  461.             \CURLOPT_NOSIGNAL => 'timeout',
  462.             \CURLOPT_HTTPHEADER => 'headers',
  463.             \CURLOPT_INFILE => 'body',
  464.             \CURLOPT_READFUNCTION => 'body',
  465.             \CURLOPT_INFILESIZE => 'body',
  466.             \CURLOPT_POSTFIELDS => 'body',
  467.             \CURLOPT_UPLOAD => 'body',
  468.             \CURLOPT_INTERFACE => 'bindto',
  469.             \CURLOPT_TIMEOUT_MS => 'max_duration',
  470.             \CURLOPT_TIMEOUT => 'max_duration',
  471.             \CURLOPT_MAXREDIRS => 'max_redirects',
  472.             \CURLOPT_PROXY => 'proxy',
  473.             \CURLOPT_NOPROXY => 'no_proxy',
  474.             \CURLOPT_SSL_VERIFYPEER => 'verify_peer',
  475.             \CURLOPT_SSL_VERIFYHOST => 'verify_host',
  476.             \CURLOPT_CAINFO => 'cafile',
  477.             \CURLOPT_CAPATH => 'capath',
  478.             \CURLOPT_SSL_CIPHER_LIST => 'ciphers',
  479.             \CURLOPT_SSLCERT => 'local_cert',
  480.             \CURLOPT_SSLKEY => 'local_pk',
  481.             \CURLOPT_KEYPASSWD => 'passphrase',
  482.             \CURLOPT_CERTINFO => 'capture_peer_cert_chain',
  483.             \CURLOPT_USERAGENT => 'normalized_headers',
  484.             \CURLOPT_REFERER => 'headers',
  485.             // options used in CurlResponse
  486.             \CURLOPT_NOPROGRESS => 'on_progress',
  487.             \CURLOPT_PROGRESSFUNCTION => 'on_progress',
  488.         ];
  490.         if (\defined('CURLOPT_UNIX_SOCKET_PATH')) {
  491.             $curloptsToConfig[\CURLOPT_UNIX_SOCKET_PATH] = 'bindto';
  492.         }
  494.         if (\defined('CURLOPT_PINNEDPUBLICKEY')) {
  495.             $curloptsToConfig[\CURLOPT_PINNEDPUBLICKEY] = 'peer_fingerprint';
  496.         }
  498.         $curloptsToCheck = [
  499.             \CURLOPT_PRIVATE,
  500.             \CURLOPT_HEADERFUNCTION,
  501.             \CURLOPT_WRITEFUNCTION,
  502.             \CURLOPT_VERBOSE,
  503.             \CURLOPT_STDERR,
  504.             \CURLOPT_RETURNTRANSFER,
  505.             \CURLOPT_URL,
  506.             \CURLOPT_FOLLOWLOCATION,
  507.             \CURLOPT_HEADER,
  508.             \CURLOPT_CONNECTTIMEOUT,
  509.             \CURLOPT_CONNECTTIMEOUT_MS,
  510.             \CURLOPT_HTTP_VERSION,
  511.             \CURLOPT_PORT,
  512.             \CURLOPT_DNS_USE_GLOBAL_CACHE,
  513.             \CURLOPT_PROTOCOLS,
  514.             \CURLOPT_REDIR_PROTOCOLS,
  515.             \CURLOPT_COOKIEFILE,
  516.             \CURLINFO_REDIRECT_COUNT,
  517.         ];
  519.         if (\defined('CURLOPT_HTTP09_ALLOWED')) {
  520.             $curloptsToCheck[] = \CURLOPT_HTTP09_ALLOWED;
  521.         }
  523.         if (\defined('CURLOPT_HEADEROPT')) {
  524.             $curloptsToCheck[] = \CURLOPT_HEADEROPT;
  525.         }
  527.         $methodOpts = [
  528.             \CURLOPT_POST,
  529.             \CURLOPT_PUT,
  530.             \CURLOPT_CUSTOMREQUEST,
  531.             \CURLOPT_HTTPGET,
  532.             \CURLOPT_NOBODY,
  533.         ];
  535.         foreach ($options as $opt => $optValue) {
  536.             if (isset($curloptsToConfig[$opt])) {
  537.                 $constName $this->findConstantName($opt) ?? $opt;
  538.                 throw new InvalidArgumentException(sprintf('Cannot set "%s" with "extra.curl", use option "%s" instead.'$constName$curloptsToConfig[$opt]));
  539.             }
  541.             if (\in_array($opt$methodOpts)) {
  542.                 throw new InvalidArgumentException('The HTTP method cannot be overridden using "extra.curl".');
  543.             }
  545.             if (\in_array($opt$curloptsToCheck)) {
  546.                 $constName $this->findConstantName($opt) ?? $opt;
  547.                 throw new InvalidArgumentException(sprintf('Cannot set "%s" with "extra.curl".'$constName));
  548.             }
  549.         }
  550.     }
  551. }