Response represents an HTTP response in JSON format.
Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.
@author Igor Wiedler <igor@wiedler.ch>
Expanded class hierarchy of JsonResponse
https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...
class JsonResponse extends Response {
protected $data;
protected $callback;
/**
* Constructor.
*
* @param mixed $data The response data
* @param integer $status The response status code
* @param array $headers An array of response headers
*/
public function __construct($data = null, $status = 200, $headers = array()) {
parent::__construct('', $status, $headers);
if (null === $data) {
$data = new \ArrayObject();
}
$this
->setData($data);
}
/**
* {@inheritDoc}
*/
public static function create($data = null, $status = 200, $headers = array()) {
return new static($data, $status, $headers);
}
/**
* Sets the JSONP callback.
*
* @param string $callback
*
* @return JsonResponse
*
* @throws \InvalidArgumentException
*/
public function setCallback($callback = null) {
if (null !== $callback) {
// taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
$pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
$parts = explode('.', $callback);
foreach ($parts as $part) {
if (!preg_match($pattern, $part)) {
throw new \InvalidArgumentException('The callback name is not valid.');
}
}
}
$this->callback = $callback;
return $this
->update();
}
/**
* Sets the data to be sent as json.
*
* @param mixed $data
*
* @return JsonResponse
*/
public function setData($data = array()) {
// Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
$this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
return $this
->update();
}
/**
* Updates the content and headers according to the json data and callback.
*
* @return JsonResponse
*/
protected function update() {
if (null !== $this->callback) {
// Not using application/javascript for compatibility reasons with older browsers.
$this->headers
->set('Content-Type', 'text/javascript');
return $this
->setContent(sprintf('%s(%s);', $this->callback, $this->data));
}
// Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
// in order to not overwrite a custom definition.
if (!$this->headers
->has('Content-Type') || 'text/javascript' === $this->headers
->get('Content-Type')) {
$this->headers
->set('Content-Type', 'application/json');
}
return $this
->setContent($this->data);
}
}
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
JsonResponse:: |
protected | property | ||
JsonResponse:: |
protected | property | ||
JsonResponse:: |
public static | function |
Factory method for chainability Overrides Response:: |
|
JsonResponse:: |
public | function | Sets the JSONP callback. | |
JsonResponse:: |
public | function | Sets the data to be sent as json. | |
JsonResponse:: |
protected | function | Updates the content and headers according to the json data and callback. | |
JsonResponse:: |
public | function |
Constructor. Overrides Response:: |
|
Response:: |
protected | property | ||
Response:: |
protected | property | ||
Response:: |
public | property | ||
Response:: |
protected | property | ||
Response:: |
protected | property | ||
Response:: |
public static | property | Status codes translation table. | |
Response:: |
protected | property | ||
Response:: |
protected | function | Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9 | |
Response:: |
public | function | Marks the response stale by setting the Age header to be equal to the maximum age of the response. | |
Response:: |
public | function | Returns the age of the response. | |
Response:: |
public | function | Retrieves the response charset. | |
Response:: |
public | function | Gets the current response content. | 2 |
Response:: |
public | function | Returns the Date header as a DateTime instance. | |
Response:: |
public | function | Returns the literal value of the ETag HTTP header. | |
Response:: |
public | function | Returns the value of the Expires header as a DateTime instance. | |
Response:: |
public | function | Returns the Last-Modified HTTP header as a DateTime instance. | |
Response:: |
public | function | Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh. | |
Response:: |
public | function | Gets the HTTP protocol version. | |
Response:: |
public | function | Retrieves the status code for the current web response. | |
Response:: |
public | function | Returns the response's time-to-live in seconds. | |
Response:: |
public | function | Returns an array of header names given in the Vary header. | |
Response:: |
public | function | Returns true if the response includes a Vary header. | |
Response:: |
public | function | Returns true if the response is worth caching under any circumstance. | |
Response:: |
public | function | Is there a client error? | |
Response:: |
public | function | Is the response empty? | |
Response:: |
public | function | Is the response forbidden? | |
Response:: |
public | function | Returns true if the response is "fresh". | |
Response:: |
public | function | Is response informative? | |
Response:: |
public | function | Is response invalid? | |
Response:: |
public | function | Is the response a not found error? | |
Response:: |
public | function | Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request. | |
Response:: |
public | function | Is the response OK? | |
Response:: |
public | function | Is the response a redirect of some form? | |
Response:: |
public | function | Is the response a redirect? | |
Response:: |
public | function | Was there a server side error? | |
Response:: |
public | function | Is response successful? | |
Response:: |
public | function | Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request. | |
Response:: |
public | function | Returns true if the response must be revalidated by caches. | |
Response:: |
public | function | Prepares the Response before it is sent to the client. | 3 |
Response:: |
public | function | Sends HTTP headers and content. | |
Response:: |
public | function | Sends content for the current web response. | 2 |
Response:: |
public | function | Sends HTTP headers. | |
Response:: |
public | function | Sets the response's cache headers (validation and/or expiration). | |
Response:: |
public | function | Sets the response charset. | |
Response:: |
public | function | Sets the response's time-to-live for private/client caches. | |
Response:: |
public | function | Sets the response content. | 2 |
Response:: |
public | function | Sets the Date header. | |
Response:: |
public | function | Sets the ETag value. | |
Response:: |
public | function | Sets the Expires HTTP header with a DateTime instance. | |
Response:: |
public | function | Sets the Last-Modified HTTP header with a DateTime instance. | |
Response:: |
public | function | Sets the number of seconds after which the response should no longer be considered fresh. | |
Response:: |
public | function | Modifies the response so that it conforms to the rules defined for a 304 status code. | |
Response:: |
public | function | Marks the response as "private". | |
Response:: |
public | function | Sets the HTTP protocol version (1.0 or 1.1). | |
Response:: |
public | function | Marks the response as "public". | |
Response:: |
public | function | Sets the number of seconds after which the response should no longer be considered fresh by shared caches. | |
Response:: |
public | function | Sets the response status code. | |
Response:: |
public | function | Sets the response's time-to-live for shared caches. | |
Response:: |
public | function | Sets the Vary header. | |
Response:: |
public | function | Clones the current Response instance. | |
Response:: |
public | function | Returns the Response as an HTTP string. |