Http Class
categoryAPI
edit_calendar31 Mar 2026
HTTP Requests & Security Class
The Http class is the primary interface for handling complex HTTP interactions within GeniXCMS. It provides comprehensive utilities for URL validation (SSRF protection), remote content acquisition, IP geolocation, and modern REST API authentication header processing.
⚡ Secure Content Acquisition
Http::fetch(array $config)
A versatile, high-level method to retrieve content from remote endpoints.
- Automation: Intelligently switches between cURL and
file_get_contents()based on server configuration and the provided parameters. - Payload: Supports custom headers, timeouts, and user-agent masking.
$params = [
'url' => 'https://api.external.com/data',
'curl' => true,
'curl_options' => [
CURLOPT_TIMEOUT => 45,
CURLOPT_FOLLOWLOCATION => true
]
];
$json_response = Http::fetch($params);🛡️ SSRF Protection & URL Validation
The Http class includes several methods to verify URI integrity and prevent Server-Side Request Forgery (SSRF) attacks by blocking local network access.
| Method | Role | Logic |
|---|---|---|
validateUrl($url) |
Overall Check | Verifies if a URL is valid and follows allowed protocols. |
validateProtocol($url) |
Scheme Lock | Ensures the URI uses only http or https. |
isLocal($url) |
Security | Returns true if the IP resolves to a local/private network. |
validatePort($url) |
Port Lock | Restricts connections to standard web ports (80, 443). |
🔓 API & Header Processing
These methods are essential for building Headless CMS integrations and mobile app backends.
Http::getAuthorizationHeader(): Securely extracts theAuthorizationheader regardless of the server environment (Apache, Nginx, or CGI).Http::getBearerToken(): Specifically parses and returns the Bearer Token string, stripping the prefix for immediate use in authentication routines.
🌍 IP Insight & Geolocation
Monitor and respond to your visitor's origin using integrated geolocation tools.
Http::ipDetail(string $ip): Returns a detailed JSON object with city, region, and ISP data.Http::getIpCountry(string $ip): Quickly resolves the 2-letter ISO country code for the provided IP.
🎨 User-Agent Masking
Http::randAgent(): Returns a realistic, randomly selected browser user-agent string to prevent automated request blocking by external APIs.Http::addAgent(string $ua): Allows modules to register additional custom user-agents to the internal list.
priority_high
ImportantOutbound Requests: When using
Http::fetch(), the class will prioritize cURL if the extension is enabled on your PHP environment. cURL is generally faster and supports more advanced features like TLS 1.3 and proxying.warning
CautionSSRF Security: If your site allows users to provide an external URL (e.g., for a remote logo or RSS feed), you MUST run the URL through
Http::validateUrl() before processing. This prevents attackers from scanning your internal network infrastructure.See Also
- Rest API Documentation — How the HTTP class powers the API engine.
- Security Settings — Configuring allowed protocols and ports.