PHP relay for meek

A first pass at the php middle relay is at, https://github.com/arlolra/meek/tree/php

It borrows heavily from GoAgent.

Deployed to, https://meek-reflect.herokuapp.com/

added component::circumvention/meek meek owner::dcf priority::medium resolution::implemented status::closed type::defect labels

Trac:
Component: Pluggable transport to meek

This PHP reflector is undeniably useful. I just used it to prototype a reflector on Azure Websites for #13189 (moved).

I'm still doubtful about the quality of code derived from GoAgent and I wish we didn't have to include the huge license. I think we can simplify it quite a bit with a new implementation?

We don't actually have to reflect Content-Type. I think we can replace all the GetHeaders code with just:

$headerArray = array();
if (array_key_exists("HTTP_X_SESSION_ID", $_SERVER)) {
        $headerArray[] = "X-Session-Id: " . $_SERVER["HTTP_X_SESSION_ID"];
}
curl_setopt($ch, CURLOPT_HTTPHEADER, $headerArray);

Likewise, I think you can replace all the method processing code with just:

curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $_SERVER['REQUEST_METHOD']);
curl_setopt($ch, CURLOPT_POSTFIELDS, file_get_contents("php://input"));

I found I had to change $HTTP_RAW_POST_DATA to file_get_contents("php://input") since b1f6a7ec which removed Content-Type from the header.

I was going to suggest using the HTTPS bridge by default, but I tried it and Azure must not have a trusted CA list installed. It prints:

502 Urlfetch Error
PHP Urlfetch Error: curl(60)
SSL certificate problem: unable to get local issuer certificate

It turns out that CURLOPT_SSL_VERIFYHOST is not a boolean, but an integer. 0 means something unsafe, 1 means something unsafe, and 2 is what you want. Unfortunately true is converted to 1. It's used as an example of a bad API in this paper. It looks like PHP has our back though; I saw this message in the log:

PHP Notice:  curl_setopt_array(): CURLOPT_SSL_VERIFYHOST no longer accepts the value 1, value 2 will be used instead in index.php on line 111

Do you think you can get the file down to 50 lines? I think it should be possible and then I'll like it better.

Trac:
Status: new to needs_revision

A rewrite is at: https://github.com/arlolra/meek/commit/190bda477ab53f5b07c9c0e97c0a8de299e2c526

The deployed app is refreshed.

Sorry, wrong commit. See the branch https://github.com/arlolra/meek/tree/php

Great work! It works for me. Please commit it.

It seems to work without this line:

header("Content-Type:text/plain; charset=utf-8");

Let's remove that line, even though without it PHP seems to be sniffing text/html. We'd be better off whitelisting response headers with CURLOPT_HEADERFUNCTION like before. Otherwise we're claiming "UTF-8" even for our POST responses, which doesn't seem to hurt anything but is weird.

Add a little note about the php directory to the main README file.

Trac:
Status: needs_revision to accepted

We'd be better off whitelisting response headers with CURLOPT_HEADERFUNCTION like before.

Can I put that back?

Replying to arlolra:

We'd be better off whitelisting response headers with CURLOPT_HEADERFUNCTION like before.

Can I put that back?

Yeah, sure.

Added in f5726d12dca8135144433c93a16500b05d742f88.

Trac:
Resolution: N/A to implemented
Status: accepted to closed

closed

mentioned in issue #13189 (moved)

moved to tpo/anti-censorship/pluggable-transports/meek#10984 (closed)