Response represents an HTTP response in JSON format.
Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.
@author Igor Wiedler <igor@wiedler.ch>
Expanded class hierarchy of JsonResponse
https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...
class JsonResponse extends Response {
protected $data;
protected $callback;
/**
* Constructor.
*
* @param mixed $data The response data
* @param integer $status The response status code
* @param array $headers An array of response headers
*/
public function __construct($data = null, $status = 200, $headers = array()) {
parent::__construct('', $status, $headers);
if (null === $data) {
$data = new \ArrayObject();
}
$this
->setData($data);
}
/**
* {@inheritDoc}
*/
public static function create($data = null, $status = 200, $headers = array()) {
return new static($data, $status, $headers);
}
/**
* Sets the JSONP callback.
*
* @param string $callback
*
* @return JsonResponse
*
* @throws \InvalidArgumentException
*/
public function setCallback($callback = null) {
if (null !== $callback) {
// taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
$pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
$parts = explode('.', $callback);
foreach ($parts as $part) {
if (!preg_match($pattern, $part)) {
throw new \InvalidArgumentException('The callback name is not valid.');
}
}
}
$this->callback = $callback;
return $this
->update();
}
/**
* Sets the data to be sent as json.
*
* @param mixed $data
*
* @return JsonResponse
*/
public function setData($data = array()) {
// Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
$this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
return $this
->update();
}
/**
* Updates the content and headers according to the json data and callback.
*
* @return JsonResponse
*/
protected function update() {
if (null !== $this->callback) {
// Not using application/javascript for compatibility reasons with older browsers.
$this->headers
->set('Content-Type', 'text/javascript');
return $this
->setContent(sprintf('%s(%s);', $this->callback, $this->data));
}
// Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
// in order to not overwrite a custom definition.
if (!$this->headers
->has('Content-Type') || 'text/javascript' === $this->headers
->get('Content-Type')) {
$this->headers
->set('Content-Type', 'application/json');
}
return $this
->setContent($this->data);
}
}
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
JsonResponse:: |
public | function |
Constructor. Overrides Response:: |
|
JsonResponse:: |
public static | function |
Factory method for chainability Overrides Response:: |
|
JsonResponse:: |
public | function | Sets the JSONP callback. | |
JsonResponse:: |
public | function | Sets the data to be sent as json. | |
JsonResponse:: |
protected | function | Updates the content and headers according to the json data and callback. | |
Response:: |
public | function | Returns the Response as an HTTP string. | |
Response:: |
public | function | Clones the current Response instance. | |
Response:: |
public | function | Prepares the Response before it is sent to the client. | 3 |
Response:: |
public | function | Sends HTTP headers. | |
Response:: |
public | function | Sends content for the current web response. | 2 |
Response:: |
public | function | Sends HTTP headers and content. | |
Response:: |
public | function | Sets the response content. | 2 |
Response:: |
public | function | Gets the current response content. | 2 |
Response:: |
public | function | Sets the HTTP protocol version (1.0 or 1.1). | |
Response:: |
public | function | Gets the HTTP protocol version. | |
Response:: |
public | function | Sets the response status code. | |
Response:: |
public | function | Retrieves the status code for the current web response. | |
Response:: |
public | function | Sets the response charset. | |
Response:: |
public | function | Retrieves the response charset. | |
Response:: |
public | function | Returns true if the response is worth caching under any circumstance. | |
Response:: |
public | function | Returns true if the response is "fresh". | |
Response:: |
public | function | Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request. | |
Response:: |
public | function | Marks the response as "private". | |
Response:: |
public | function | Marks the response as "public". | |
Response:: |
public | function | Returns true if the response must be revalidated by caches. | |
Response:: |
public | function | Returns the Date header as a DateTime instance. | |
Response:: |
public | function | Sets the Date header. | |
Response:: |
public | function | Returns the age of the response. | |
Response:: |
public | function | Marks the response stale by setting the Age header to be equal to the maximum age of the response. | |
Response:: |
public | function | Returns the value of the Expires header as a DateTime instance. | |
Response:: |
public | function | Sets the Expires HTTP header with a DateTime instance. | |
Response:: |
public | function | Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh. | |
Response:: |
public | function | Sets the number of seconds after which the response should no longer be considered fresh. | |
Response:: |
public | function | Sets the number of seconds after which the response should no longer be considered fresh by shared caches. | |
Response:: |
public | function | Returns the response's time-to-live in seconds. | |
Response:: |
public | function | Sets the response's time-to-live for shared caches. | |
Response:: |
public | function | Sets the response's time-to-live for private/client caches. | |
Response:: |
public | function | Returns the Last-Modified HTTP header as a DateTime instance. | |
Response:: |
public | function | Sets the Last-Modified HTTP header with a DateTime instance. | |
Response:: |
public | function | Returns the literal value of the ETag HTTP header. | |
Response:: |
public | function | Sets the ETag value. | |
Response:: |
public | function | Sets the response's cache headers (validation and/or expiration). | |
Response:: |
public | function | Modifies the response so that it conforms to the rules defined for a 304 status code. | |
Response:: |
public | function | Returns true if the response includes a Vary header. | |
Response:: |
public | function | Returns an array of header names given in the Vary header. | |
Response:: |
public | function | Sets the Vary header. | |
Response:: |
public | function | Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request. | |
Response:: |
public | function | Is response invalid? | |
Response:: |
public | function | Is response informative? | |
Response:: |
public | function | Is response successful? | |
Response:: |
public | function | Is the response a redirect? | |
Response:: |
public | function | Is there a client error? | |
Response:: |
public | function | Was there a server side error? | |
Response:: |
public | function | Is the response OK? | |
Response:: |
public | function | Is the response forbidden? | |
Response:: |
public | function | Is the response a not found error? | |
Response:: |
public | function | Is the response a redirect of some form? | |
Response:: |
public | function | Is the response empty? | |
Response:: |
protected | function | Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9 | |
JsonResponse:: |
protected | property | ||
JsonResponse:: |
protected | property | ||
Response:: |
public | property | ||
Response:: |
protected | property | ||
Response:: |
protected | property | ||
Response:: |
protected | property | ||
Response:: |
protected | property | ||
Response:: |
protected | property | ||
Response:: |
public static | property | Status codes translation table. |