PHPackages oihana/php-http - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. oihana/php-http ActiveLibrary[HTTP & Networking](/categories/http) oihana/php-http =============== Composable PHP HTTP toolkit โ€” client IP detection (X-Forwarded-For chain walking + CIDR + IPv4/IPv6), typed Set-Cookie header builders, signed URLs, content negotiation, user-agent parsing. PSR-7 compatible, zero magic strings. 1.1.0(1w ago)018โ†“100%1MPL-2.0PHPPHP >=8.4 Since May 27Pushed 1w agoCompare [ Source](https://github.com/BcommeBois/oihana-php-http)[ Packagist](https://packagist.org/packages/oihana/php-http)[ Docs](https://github.com/BcommeBois/oihana-php-http)[ RSS](/packages/oihana-php-http/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependencies (11)Versions (3)Used By (1) Oihana PHP Http =============== [](#oihana-php-http) [![Oihana PHP Http](https://raw.githubusercontent.com/BcommeBois/oihana-php-http/main/assets/images/oihana-php-http-logo-inline-512x160.png)](https://raw.githubusercontent.com/BcommeBois/oihana-php-http/main/assets/images/oihana-php-http-logo-inline-512x160.png) Composable PHP HTTP toolkit. Part of the **Oihana PHP** ecosystem, this package provides battle-tested helpers for HTTP-facing code: client IP detection against reverse proxies, GDPR-compliant anonymisation, typed `Set-Cookie` builders and parsers, PSR-7 authentication and request inspection helpers, content negotiation, HTTP dates, URL/query string toolkit, HMAC signatures for signed URLs and webhooks, User-Agent parser. PSR-7 compatible, zero magic strings. [![Latest Version](https://camo.githubusercontent.com/a08516df3daf1ba489fcb7bcb03504de811d01fdd66b68a82acb7ca1d556a126/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6f6968616e612f7068702d687474702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/oihana/php-http)[![Total Downloads](https://camo.githubusercontent.com/a7c0e89ff65a07953e829d8aed55abc1ef8e4e479bbf932c8872865c81b269ed/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6f6968616e612f7068702d687474702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/oihana/php-http)[![License](https://camo.githubusercontent.com/d9c15cbf10b87be5f67684c219f10ee0666a4f082797141449906b28c612bdaa/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f6f6968616e612f7068702d687474702e7376673f7374796c653d666c61742d737175617265)](LICENSE) ๐Ÿ“š Documentation --------------- [](#-documentation) Full API reference (generated with phpDocumentor): `https://bcommebois.github.io/oihana-php-http` User guides (FR + EN) live under [`wiki/`](wiki/). ๐Ÿ“ฆ Installation -------------- [](#-installation) Requires [PHP 8.4+](https://php.net/releases/). Install via [Composer](https://getcomposer.org/): ``` composer require oihana/php-http ``` โœจ What you can do ----------------- [](#-what-you-can-do) ### Network & IP [](#network--ip) - **Detect the real client IP** behind a chain of trusted reverse proxies. Walks `X-Forwarded-For` right-to-left, skips trusted hops via CIDR matching, falls back on `Forwarded` (RFC 7239), `X-Real-IP` and `REMOTE_ADDR`. Validates IPv4 and IPv6, normalizes IPv4-mapped IPv6, strips IPv6 zone IDs. - **Anonymise IPs for GDPR-friendly logging** โ€” `truncateIpToSlash24()` (IPv4 โ†’ `/24`), `truncateIpToSlash48()` (IPv6 โ†’ `/48`, BfDI/BSI recommendation), or `anonymizeIp()` for a single entry point routing by address family. ### Cookies [](#cookies) - **Build & parse `Set-Cookie` / `Cookie` headers** with strict validation (rejects CRLF injection, control characters, malformed names). Typed attributes: `HttpOnly`, `Secure`, `SameSite=Strict|Lax|None`, `Domain`, `Path`, `Max-Age`, `Expires` (RFC 7231 IMF-fixdate), `Priority` (Low|Medium|High), `Partitioned` (CHIPS). ### Auth & PSR-7 request inspection [](#auth--psr-7-request-inspection) - **Authorization helpers** โ€” `parseAuthorizationHeader()`, `getBearerToken()`, `getBasicAuth()` (RFC 7617 split on first colon). - **Request inspection** โ€” `wantsJson()`, `isAjax()`, `isHttpsRequest()` (with anti-spoofing trusted-proxy filter symmetric with `getClientIp()`). ### Content negotiation [](#content-negotiation) - **`Accept*` parser** โ€” `parseAcceptHeader()` is a single universal parser for `Accept`, `Accept-Language` and `Accept-Encoding` (same RFC 7231 ยง5.3 grammar). Returns entries sorted by q-value, stable on ties. - **`negotiate()`** โ€” best-match selection with wildcard support (`*`, `*/*`, `type/*`), case-preserving candidate return. - **`parseContentType()`** โ€” `{type, charset, boundary, params}` tuple, case-insensitive on type/charset, case-preserving on boundary. ### Dates, URLs, signatures [](#dates-urls-signatures) - **HTTP dates** โ€” `parseHttpDate()` accepts all three RFC 7231 ยง7.1.1.1 formats (IMF-fixdate, RFC 850, asctime); `formatHttpDate()` emits IMF-fixdate from any `DateTimeInterface` converted to UTC. - **URL & query string toolkit** โ€” `parseQueryString()` / `buildQueryString()` preserve duplicates, `withQueryParams()` / `removeQueryParam()` immutable PSR-7 updates, `normalizeUrl()` canonical form, `isAbsoluteUrl()`. - **HMAC signatures** โ€” `signUrl()` / `verifySignedUrl()` for pre-signed URLs with TTL; `verifyHmacSignature()` for webhook payload verification (Stripe / GitHub / Slack / Mailchimp). ### User-Agent [](#user-agent) - **Pragmatic, dependency-free parser** โ€” `parseUserAgent()` returns a structured `UserAgentInfo` DTO (browser, OS, device class, bot flag). Predicates `isBotUserAgent()` and `isMobileUserAgent()` for the common one-shot questions. ### Under the hood [](#under-the-hood) - Consistent typed enums and constants โ€” `CookieAttribute`, `CookieOption`, `CookiePriority`, `SameSite`, `SetCookieField`, `AcceptField`, `ContentTypeField`, `AuthorizationField`, `BasicAuthField`, `BrowserName`, `OsName`, `SignatureFormat`, `SignedUrlField`. - Pure PSR-7 โ€” no framework lock-in. Works with Slim, Laravel, Symfony HTTP Foundation (via PSR-7 bridge), Hyperf, RoadRunner, etc. - Strongly-typed enums and constants โ€” no magic strings anywhere. - Constant-time HMAC comparisons (`hash_equals()`) โ€” safe against timing-side-channel attacks. โœ… Running tests --------------- [](#-running-tests) Run all tests: ``` composer test ``` Run a specific test file: ``` composer test ./tests/oihana/http/helpers/ips/GetClientIpTest.php ``` ๐Ÿ› ๏ธ Generate the documentation ----------------------------- [](#๏ธ-generate-the-documentation) We use [phpDocumentor](https://phpdoc.org/) to generate documentation into the `./docs` folder. ``` composer doc ``` ๐Ÿงพ License --------- [](#-license) Licensed under the [Mozilla Public License 2.0 (MPLโ€‘2.0)](https://www.mozilla.org/en-US/MPL/2.0/). ๐Ÿ‘ค About the author ------------------ [](#-about-the-author) - Author: Marc ALCARAZ (aka eKameleon) - Email: `marc@ooop.fr` - Website: `https://www.ooop.fr` ๐Ÿ”— Related packages ------------------ [](#-related-packages) - `oihana/php-core` โ€“ core helpers and utilities (`base64UrlEncode` / `base64UrlDecode` consumed by `signUrl`): `https://github.com/BcommeBois/oihana-php-core` - `oihana/php-enums` โ€“ typed constants & enums (`HttpHeader`, `AuthScheme`, โ€ฆ): `https://github.com/BcommeBois/oihana-php-enums` - `oihana/php-files` โ€“ file system helpers (`joinPaths` for URL path concatenation): `https://github.com/BcommeBois/oihana-php-files` - `oihana/php-reflect` โ€“ reflection and hydration utilities (`ConstantsTrait` powering every enum class): `https://github.com/BcommeBois/oihana-php-reflect` - `oihana/php-schema` โ€“ shared DTOs (`UserAgentInfo` returned by `parseUserAgent`, `Session`, โ€ฆ): `https://github.com/BcommeBois/oihana-php-schema` - `oihana/php-standards` โ€“ standard date formats (`DateFormat::RFC7231` used by `formatHttpDate` and the cookie `Expires` attribute): `https://github.com/BcommeBois/oihana-php-standards` - `oihana/php-auth` โ€“ Casbin RBAC + JWT/OIDC authorization toolkit, consumer of the IP and cookie helpers: `https://github.com/BcommeBois/oihana-php-auth` ### Health Score 44 โ€” FairBetter than 90% of packages Maintenance98 Actively maintained with recent releases Popularity9 Limited adoption so far Community8 Small or concentrated contributor base Maturity52 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits โ€” single point of failure How is this calculated?**Maintenance (25%)** โ€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** โ€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** โ€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** โ€” Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 2 Last Release 11d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/d234506e51778dd3d1d61b6c2af6f294ff963651b4aa509b595d3d2a77b7d89b?d=identicon)[ooop](/maintainers/ooop) --- Top Contributors [![ekameleon](https://avatars.githubusercontent.com/u/749032?v=4)](https://github.com/ekameleon "ekameleon (27 commits)") --- Tags httppsr-7phpIPuser agentcookiescontent negotiationcidrsigned-urlsamesiteSet-Cookiex-forwarded-for ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/oihana-php-http/health.svg) ``` [![Health](https://phpackages.com/badges/oihana-php-http/health.svg)](https://phpackages.com/packages/oihana-php-http) ``` ### Alternatives [guzzlehttp/psr7 PSR-7 message implementation that also provides common utility methods 7.9k1.1B3.7k](/packages/guzzlehttp-psr7)[symfony/psr-http-message-bridge PSR HTTP message bridge 1.3k312.3M926](/packages/symfony-psr-http-message-bridge)[httpsoft/http-message Strict and fast implementation of PSR-7 and PSR-17 87930.4k112](/packages/httpsoft-http-message)[mimmi20/browser-detector Library to detect Browsers and Devices 48156.1k4](/packages/mimmi20-browser-detector)[phpro/http-tools HTTP tools for developing more consistent HTTP implementations. 28146.3k](/packages/phpro-http-tools)[mezzio/mezzio-authentication-oauth2 OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications. 28545.4k3](/packages/mezzio-mezzio-authentication-oauth2) PHPackages ยฉ 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)