class JsonResponse

Response represents an HTTP response in JSON format.

Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.

@author Igor Wiedler <igor@wiedler.ch>

Hierarchy

  • class \Symfony\Component\HttpFoundation\Response

Expanded class hierarchy of JsonResponse

See also

https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...

22 files declare their use of JsonResponse
ajax.inc in drupal/core/modules/views/includes/ajax.inc
Handles the server side AJAX interactions of Views.
AjaxResponse.php in drupal/core/lib/Drupal/Core/Ajax/AjaxResponse.php
Definition of Drupal\Core\Ajax\AjaxResponse.
batch.inc in drupal/core/includes/batch.inc
Batch processing API for processes to run in multiple HTTP requests.
ContextualController.php in drupal/core/modules/contextual/lib/Drupal/contextual/ContextualController.php
Contains \Drupal\contextual\ContextualController.
database_test.module in drupal/core/modules/system/tests/modules/database_test/database_test.module

... See full list

File

drupal/core/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/JsonResponse.php, line 25

Namespace

Symfony\Component\HttpFoundation
View source
class JsonResponse extends Response {
  protected $data;
  protected $callback;

  /**
   * Constructor.
   *
   * @param mixed   $data    The response data
   * @param integer $status  The response status code
   * @param array   $headers An array of response headers
   */
  public function __construct($data = null, $status = 200, $headers = array()) {
    parent::__construct('', $status, $headers);
    if (null === $data) {
      $data = new \ArrayObject();
    }
    $this
      ->setData($data);
  }

  /**
   * {@inheritDoc}
   */
  public static function create($data = null, $status = 200, $headers = array()) {
    return new static($data, $status, $headers);
  }

  /**
   * Sets the JSONP callback.
   *
   * @param string $callback
   *
   * @return JsonResponse
   *
   * @throws \InvalidArgumentException
   */
  public function setCallback($callback = null) {
    if (null !== $callback) {

      // taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
      $pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
      $parts = explode('.', $callback);
      foreach ($parts as $part) {
        if (!preg_match($pattern, $part)) {
          throw new \InvalidArgumentException('The callback name is not valid.');
        }
      }
    }
    $this->callback = $callback;
    return $this
      ->update();
  }

  /**
   * Sets the data to be sent as json.
   *
   * @param mixed $data
   *
   * @return JsonResponse
   */
  public function setData($data = array()) {

    // Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
    $this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
    return $this
      ->update();
  }

  /**
   * Updates the content and headers according to the json data and callback.
   *
   * @return JsonResponse
   */
  protected function update() {
    if (null !== $this->callback) {

      // Not using application/javascript for compatibility reasons with older browsers.
      $this->headers
        ->set('Content-Type', 'text/javascript');
      return $this
        ->setContent(sprintf('%s(%s);', $this->callback, $this->data));
    }

    // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
    // in order to not overwrite a custom definition.
    if (!$this->headers
      ->has('Content-Type') || 'text/javascript' === $this->headers
      ->get('Content-Type')) {
      $this->headers
        ->set('Content-Type', 'application/json');
    }
    return $this
      ->setContent($this->data);
  }

}

Members

Namesort descending Modifiers Type Description Overrides
JsonResponse::$callback protected property
JsonResponse::$data protected property
JsonResponse::create public static function Factory method for chainability Overrides Response::create
JsonResponse::setCallback public function Sets the JSONP callback.
JsonResponse::setData public function Sets the data to be sent as json.
JsonResponse::update protected function Updates the content and headers according to the json data and callback.
JsonResponse::__construct public function Constructor. Overrides Response::__construct
Response::$charset protected property
Response::$content protected property
Response::$headers public property
Response::$statusCode protected property
Response::$statusText protected property
Response::$statusTexts public static property Status codes translation table.
Response::$version protected property
Response::ensureIEOverSSLCompatibility protected function Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9
Response::expire public function Marks the response stale by setting the Age header to be equal to the maximum age of the response.
Response::getAge public function Returns the age of the response.
Response::getCharset public function Retrieves the response charset.
Response::getContent public function Gets the current response content. 2
Response::getDate public function Returns the Date header as a DateTime instance.
Response::getEtag public function Returns the literal value of the ETag HTTP header.
Response::getExpires public function Returns the value of the Expires header as a DateTime instance.
Response::getLastModified public function Returns the Last-Modified HTTP header as a DateTime instance.
Response::getMaxAge public function Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh.
Response::getProtocolVersion public function Gets the HTTP protocol version.
Response::getStatusCode public function Retrieves the status code for the current web response.
Response::getTtl public function Returns the response's time-to-live in seconds.
Response::getVary public function Returns an array of header names given in the Vary header.
Response::hasVary public function Returns true if the response includes a Vary header.
Response::isCacheable public function Returns true if the response is worth caching under any circumstance.
Response::isClientError public function Is there a client error?
Response::isEmpty public function Is the response empty?
Response::isForbidden public function Is the response forbidden?
Response::isFresh public function Returns true if the response is "fresh".
Response::isInformational public function Is response informative?
Response::isInvalid public function Is response invalid?
Response::isNotFound public function Is the response a not found error?
Response::isNotModified public function Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request.
Response::isOk public function Is the response OK?
Response::isRedirect public function Is the response a redirect of some form?
Response::isRedirection public function Is the response a redirect?
Response::isServerError public function Was there a server side error?
Response::isSuccessful public function Is response successful?
Response::isValidateable public function Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request.
Response::mustRevalidate public function Returns true if the response must be revalidated by caches.
Response::prepare public function Prepares the Response before it is sent to the client. 3
Response::send public function Sends HTTP headers and content.
Response::sendContent public function Sends content for the current web response. 2
Response::sendHeaders public function Sends HTTP headers.
Response::setCache public function Sets the response's cache headers (validation and/or expiration).
Response::setCharset public function Sets the response charset.
Response::setClientTtl public function Sets the response's time-to-live for private/client caches.
Response::setContent public function Sets the response content. 2
Response::setDate public function Sets the Date header.
Response::setEtag public function Sets the ETag value.
Response::setExpires public function Sets the Expires HTTP header with a DateTime instance.
Response::setLastModified public function Sets the Last-Modified HTTP header with a DateTime instance.
Response::setMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh.
Response::setNotModified public function Modifies the response so that it conforms to the rules defined for a 304 status code.
Response::setPrivate public function Marks the response as "private".
Response::setProtocolVersion public function Sets the HTTP protocol version (1.0 or 1.1).
Response::setPublic public function Marks the response as "public".
Response::setSharedMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh by shared caches.
Response::setStatusCode public function Sets the response status code.
Response::setTtl public function Sets the response's time-to-live for shared caches.
Response::setVary public function Sets the Vary header.
Response::__clone public function Clones the current Response instance.
Response::__toString public function Returns the Response as an HTTP string.