From e98e3e6d4f86621a9b75f623996e6bbdeb4b9318 Mon Sep 17 00:00:00 2001 From: Graham Campbell Date: Mon, 20 Jun 2022 22:43:03 +0100 Subject: [PATCH] Release 1.9.0 (#520) --- CHANGELOG.md | 10 +++++-- README.md | 24 ++++++++++++++-- composer.json | 2 +- src/UriComparator.php | 55 +++++++++++++++++++++++++++++++++++++ tests/UriComparatorTest.php | 42 ++++++++++++++++++++++++++++ 5 files changed, 128 insertions(+), 5 deletions(-) create mode 100644 src/UriComparator.php create mode 100644 tests/UriComparatorTest.php diff --git a/CHANGELOG.md b/CHANGELOG.md index f177f583..b4fdf3c6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,12 +3,18 @@ All notable changes to this project will be documented in this file. -The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) -and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased +## 1.9.0 - 2022-06-20 + +### Added + +- Added `UriComparator::isCrossOrigin` method + ## 1.8.5 - 2022-03-20 ### Fixed diff --git a/README.md b/README.md index 464cae4f..64776cb6 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # PSR-7 Message Implementation -This repository contains a full [PSR-7](http://www.php-fig.org/psr/psr-7/) +This repository contains a full [PSR-7](https://www.php-fig.org/psr/psr-7/) message implementation, several stream decorators, and some helpful functionality like query string parsing. 
@@ -659,7 +659,7 @@ manually but instead is used indirectly via `Psr\Http\Message\UriInterface::__to `public static function fromParts(array $parts): UriInterface` -Creates a URI from a hash of [`parse_url`](http://php.net/manual/en/function.parse-url.php) components. +Creates a URI from a hash of [`parse_url`](https://www.php.net/manual/en/function.parse-url.php) components. ### `GuzzleHttp\Psr7\Uri::withQueryValue` @@ -684,6 +684,16 @@ associative array of key => value. Creates a new URI with a specific query string value removed. Any existing query string values that exactly match the provided key are removed. +## Cross-Origin Detection + +`GuzzleHttp\Psr7\UriComparator` provides methods to determine if a modified URL should be considered cross-origin. + +### `GuzzleHttp\Psr7\UriComparator::isCrossOrigin` + +`public static function isCrossOrigin(UriInterface $original, UriInterface $modified): bool` + +Determines if a modified URL should be considered cross-origin with respect to an original URL. + ## Reference Resolution `GuzzleHttp\Psr7\UriResolver` provides methods to resolve a URI reference in the context of a base URI according 
@@ -809,14 +819,24 @@ This of course assumes they will be resolved against the same base URI. If this equivalence or difference of relative references does not mean anything. +## Version Guidance + +| Version | Status | PHP Version | +|---------|----------------|------------------| +| 1.x | Security fixes | >=5.4,<8.1 | +| 2.x | Latest | ^7.2.5 \|\| ^8.0 | + + ## Security If you discover a security vulnerability within this package, please send an email to security@tidelift.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced. Please see [Security Policy](https://github.com/guzzle/psr7/security/policy) for more information. + ## License Guzzle is made available under the MIT License (MIT). Please see [License File](LICENSE) for more information. + ## For Enterprise Available as part of the Tidelift Subscription diff --git a/composer.json b/composer.json index 7ecdc8ba..0e36920d 100644 --- a/composer.json +++ b/composer.json @@ -63,7 +63,7 @@ }, "extra": { "branch-alias": { - "dev-master": "1.7-dev" + "dev-master": "1.9-dev" } }, "config": { diff --git a/src/UriComparator.php b/src/UriComparator.php new file mode 100644 index 00000000..ccf51ffb --- /dev/null +++ b/src/UriComparator.php @@ -0,0 +1,55 @@ +getHost(), $modified->getHost()) !== 0) { + return true; + } + + if ($original->getScheme() !== $modified->getScheme()) { + return true; + } + + if (self::computePort($original) !== self::computePort($modified)) { + return true; + } + + return false; + } + + /** + * @return int + */ + private static function computePort(UriInterface $uri) + { + $port = $uri->getPort(); + + if (null !== $port) { + return $port; + } + + return 'https' === $uri->getScheme() ? 443 : 80; + } + + private function __construct() + { + // cannot be instantiated + } +} diff --git a/tests/UriComparatorTest.php b/tests/UriComparatorTest.php new file mode 100644 index 00000000..ccfdd7b7 --- /dev/null 
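Review bot: `computePort` in src/UriComparator.php falls back to 80 for every scheme except `https`, so two URIs that share another scheme (the scheme check runs first) compare as same-origin when one has no explicit port and the other has `:80`, even where the scheme's real default differs (e.g. `ftp`, default 21). If callers rely on `isCrossOrigin` to decide whether request state may be carried over to the modified URL, this is a fail-open edge case. Either state the limit in the docblock, e.g. `Default ports are inferred for http and https only.`, or skip the inference for other schemes by adding `if (!in_array($uri->getScheme(), ['http', 'https'], true)) { return $port; }` before the final return, with `@return int|null`. The scheme comparison and the `'https' ===` test are case-sensitive while the host check uses `strcasecmp`; that holds for PSR-7 implementations that return lowercase schemes, but deserves a one-line comment. The opening of `isCrossOrigin` is not visible on this page, so this is based on the lines from the host comparison onward.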
+++ b/tests/UriComparatorTest.php @@ -0,0 +1,42 @@ +