I was wondering if someone could explain to me the meaning of a Server-Side Request. It might just be the terminology I don't quite get. To me it sounds like a request from the server to the client, but I don't think that's it.
It's regarding the PHP PSR7. I am trying to figure out why it has both the RequestInterface and the ServerRequestInterface. I can't seem to find anything about it anywhere and I can't see the reason why these two are not just merged into one interface.
What Is SSRF? A Server-Side Request Forgery (SSRF) attack involves an attacker abusing server functionality to access or modify resources. The attacker targets an application that supports data imports from URLs or allows them to read data from URLs.
Client-side means that the processing takes place on the user's computer. It requires browsers to run the scripts on the client machine without involving any processing on the server. Server-side means that the processing takes place on a web server.
Client-side development gathers input from users. For example, developers can use JavaScript to create forms that collect user input. Meanwhile, server-side development processes this input. For example, developers can use PHP to connect a database to a website and send user-inputted data to the database.
Server-side refers to the systems that run on the server, and client-side to the software that runs in a user's web browser. Client-side web development involves interactivity and displaying data; server-side development works behind the scenes to manage data.
I agree that it is not clear what they mean by "server-side requests". It is known that HTTP requests are sent by clients (browsers, bots, REST API users etc.), and received by servers, after all. However, the word "server" may refer to different things in different contexts.
An HTTP request is received by an HTTP server such as Apache, Nginx, or Microsoft IIS. The servers provide a Server Application Programming Interface (SAPI) which, in particular, allows postprocessing of the information parsed by the web servers.
The PHP engine (Zend) interacts with different environments by means of its SAPI (Server API) module. The module consists of a number of submodules: CLI (Command Line Interface), CGI (Common Gateway Interface), Apache, FPM (FastCGI Process Manager), and others. Each has its own ideas about the contents of the PHP superglobals (example).
The raw HTTP requests are parsed by a Web server. PHP requests the parsed data from the Web server through SAPI for further processing, then passes it to us, in particular in the form of superglobals.
RequestInterface thus represents the first simple HTTP request which doesn't classify its headers, or parts of the message body into cookies, upload data, GET-, or POST-variables etc. as it is indirectly mentioned in the official documentation:
"The RequestInterface and ResponseInterface have essentially 1:1 correlations with the request and response messages described in RFC 7230. They provide interfaces for implementing value objects that correspond to the specific HTTP message types they model."
It simply provides an interface for common request parameters such as URI, scheme, query, and port, for instance.
And ServerRequestInterface represents the parsed version of the simple representation of the HTTP message (request). It introduces access to logically classified parts of the message, the parts generated server-side: uploaded files, cookies, server parameters, and others.
I suggest thinking of RequestInterface as the HTTP request as it came from the client. And ServerRequestInterface as already not quite the client's request =), i.e. a version of the original request modified by the server (SAPI).
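The split described in the answer above, as an added example that is not part of the original answer and is not PSR-7 code: plain PHP that takes one raw message, extracts what RequestInterface models, and then derives the classified parts that ServerRequestInterface adds. It shows that cookies, query parameters and the parsed body are all computed from client-sent bytes, while server parameters come from the server environment. The helpers `parseMessage()` and `deriveServerView()`, the host name and all sample values are assumptions constructed for illustration; the result keys mirror the accessors `getServerParams()`, `getCookieParams()`, `getQueryParams()` and `getParsedBody()`.

```php
<?php
declare(strict_types=1);

// Constructed sample: the raw message exactly as the client sent it.
const RAW_REQUEST = "POST /login?next=%2Fhome&debug=1 HTTP/1.1\r\n"
    . "Host: shop.example.test\r\n"
    . "Cookie: sid=abc123; theme=dark\r\n"
    . "Content-Type: application/x-www-form-urlencoded\r\n"
    . "\r\n"
    . "user=alice&pass=s3cret";

// Hypothetical helper: the unclassified message, i.e. the RequestInterface level.
function parseMessage(string $raw): array
{
    [$head, $body] = explode("\r\n\r\n", $raw, 2) + [1 => ''];
    $lines = explode("\r\n", $head);
    [$method, $target, $protocol] = explode(' ', array_shift($lines), 3);
    $headers = [];
    foreach ($lines as $line) {
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))] = trim($value);
    }
    return compact('method', 'target', 'protocol', 'headers', 'body');
}

// Hypothetical helper: the classified parts a ServerRequestInterface exposes.
function deriveServerView(array $msg, array $serverParams): array
{
    // Query parameters: decoded from the request target.
    parse_str((string) parse_url($msg['target'], PHP_URL_QUERY), $query);
    // Cookies: split out of a single Cookie header.
    $cookies = [];
    foreach (explode(';', $msg['headers']['cookie'] ?? '') as $pair) {
        if (strpos($pair, '=') === false) { continue; }
        [$k, $v] = explode('=', trim($pair), 2);
        $cookies[$k] = urldecode($v);
    }
    // Parsed body: only for form-encoded content, otherwise left as null.
    $parsedBody = null;
    if (($msg['headers']['content-type'] ?? '') === 'application/x-www-form-urlencoded') {
        parse_str($msg['body'], $parsedBody);
    }
    return ['serverParams' => $serverParams, 'cookieParams' => $cookies,
            'queryParams' => $query, 'parsedBody' => $parsedBody];
}

$msg = parseMessage(RAW_REQUEST);
// Constructed server parameters: supplied by the server environment, not by the message bytes.
print_r($msg);
print_r(deriveServerView($msg, ['REMOTE_ADDR' => '203.0.113.5', 'SERVER_PORT' => '443']));
```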