feat: add native header detection to DebugToolbar

datamweb · datamweb · commit 4c34ff540597 · 2026-01-01T09:46:20.000+03:30
diff --git a/system/Debug/Toolbar.php b/system/Debug/Toolbar.php
@@ -372,6 +372,11 @@ public function prepare(?RequestInterface $request = null, ?ResponseInterface $r
          * @var IncomingRequest|null $request
          */
         if (CI_DEBUG && ! is_cli()) {
+
+            if ($this->hasNativeHeaderConflict()) {
+                return;
+            }
+
             $app = service('codeigniter');
 
             $request ??= service('request');
@@ -544,6 +549,32 @@ protected function format(string $data, string $format = 'html'): string
         return $output;
     }
 
+    /**
+     * Checks if the native PHP headers indicate a non-HTML response
+     * or if headers are already sent.
+     */
+    protected function hasNativeHeaderConflict(): bool
+    {
+        // If headers are sent, we can't inject HTML.
+        if (headers_sent()) {
+            return true;
+        }
+
+        // Native Header Inspection
+        foreach (headers_list() as $header) {
+            // Content-Type is set but is NOT text/html
+            if (str_starts_with(strtolower($header), strtolower('Content-Type:')) && ! str_contains(strtolower($header), strtolower('text/html'))) {
+                return true;
+            }
+            // File is being downloaded (Attachment)
+            if (str_starts_with(strtolower($header), strtolower('Content-Disposition:')) && str_contains(strtolower($header), strtolower('attachment'))) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     /**
      * Determine if the toolbar should be disabled based on the request headers.
      *
