class JsonResponse

Response represents an HTTP response in JSON format.

Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.

@author Igor Wiedler <igor@wiedler.ch>

Hierarchy

  • class \Symfony\Component\HttpFoundation\Response

Expanded class hierarchy of JsonResponse

See also

https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...

22 files declare their use of JsonResponse
ajax.inc in drupal/core/modules/views/includes/ajax.inc
Handles the server side AJAX interactions of Views.
AjaxResponse.php in drupal/core/lib/Drupal/Core/Ajax/AjaxResponse.php
Definition of Drupal\Core\Ajax\AjaxResponse.
batch.inc in drupal/core/includes/batch.inc
Batch processing API for processes to run in multiple HTTP requests.
ContextualController.php in drupal/core/modules/contextual/lib/Drupal/contextual/ContextualController.php
Contains \Drupal\contextual\ContextualController.
database_test.module in drupal/core/modules/system/tests/modules/database_test/database_test.module

... See full list

File

drupal/core/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/JsonResponse.php, line 25

Namespace

Symfony\Component\HttpFoundation
View source
class JsonResponse extends Response {
  protected $data;
  protected $callback;

  /**
   * Constructor.
   *
   * @param mixed   $data    The response data
   * @param integer $status  The response status code
   * @param array   $headers An array of response headers
   */
  public function __construct($data = null, $status = 200, $headers = array()) {
    parent::__construct('', $status, $headers);
    if (null === $data) {
      $data = new \ArrayObject();
    }
    $this
      ->setData($data);
  }

  /**
   * {@inheritDoc}
   */
  public static function create($data = null, $status = 200, $headers = array()) {
    return new static($data, $status, $headers);
  }

  /**
   * Sets the JSONP callback.
   *
   * @param string $callback
   *
   * @return JsonResponse
   *
   * @throws \InvalidArgumentException
   */
  public function setCallback($callback = null) {
    if (null !== $callback) {

      // taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
      $pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
      $parts = explode('.', $callback);
      foreach ($parts as $part) {
        if (!preg_match($pattern, $part)) {
          throw new \InvalidArgumentException('The callback name is not valid.');
        }
      }
    }
    $this->callback = $callback;
    return $this
      ->update();
  }

  /**
   * Sets the data to be sent as json.
   *
   * @param mixed $data
   *
   * @return JsonResponse
   */
  public function setData($data = array()) {

    // Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
    $this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
    return $this
      ->update();
  }

  /**
   * Updates the content and headers according to the json data and callback.
   *
   * @return JsonResponse
   */
  protected function update() {
    if (null !== $this->callback) {

      // Not using application/javascript for compatibility reasons with older browsers.
      $this->headers
        ->set('Content-Type', 'text/javascript');
      return $this
        ->setContent(sprintf('%s(%s);', $this->callback, $this->data));
    }

    // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
    // in order to not overwrite a custom definition.
    if (!$this->headers
      ->has('Content-Type') || 'text/javascript' === $this->headers
      ->get('Content-Type')) {
      $this->headers
        ->set('Content-Type', 'application/json');
    }
    return $this
      ->setContent($this->data);
  }

}

Members

Name Modifiers Typesort descending Description Overrides
JsonResponse::__construct public function Constructor. Overrides Response::__construct
JsonResponse::create public static function Factory method for chainability Overrides Response::create
JsonResponse::setCallback public function Sets the JSONP callback.
JsonResponse::setData public function Sets the data to be sent as json.
JsonResponse::update protected function Updates the content and headers according to the json data and callback.
Response::__toString public function Returns the Response as an HTTP string.
Response::__clone public function Clones the current Response instance.
Response::prepare public function Prepares the Response before it is sent to the client. 3
Response::sendHeaders public function Sends HTTP headers.
Response::sendContent public function Sends content for the current web response. 2
Response::send public function Sends HTTP headers and content.
Response::setContent public function Sets the response content. 2
Response::getContent public function Gets the current response content. 2
Response::setProtocolVersion public function Sets the HTTP protocol version (1.0 or 1.1).
Response::getProtocolVersion public function Gets the HTTP protocol version.
Response::setStatusCode public function Sets the response status code.
Response::getStatusCode public function Retrieves the status code for the current web response.
Response::setCharset public function Sets the response charset.
Response::getCharset public function Retrieves the response charset.
Response::isCacheable public function Returns true if the response is worth caching under any circumstance.
Response::isFresh public function Returns true if the response is "fresh".
Response::isValidateable public function Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request.
Response::setPrivate public function Marks the response as "private".
Response::setPublic public function Marks the response as "public".
Response::mustRevalidate public function Returns true if the response must be revalidated by caches.
Response::getDate public function Returns the Date header as a DateTime instance.
Response::setDate public function Sets the Date header.
Response::getAge public function Returns the age of the response.
Response::expire public function Marks the response stale by setting the Age header to be equal to the maximum age of the response.
Response::getExpires public function Returns the value of the Expires header as a DateTime instance.
Response::setExpires public function Sets the Expires HTTP header with a DateTime instance.
Response::getMaxAge public function Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh.
Response::setMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh.
Response::setSharedMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh by shared caches.
Response::getTtl public function Returns the response's time-to-live in seconds.
Response::setTtl public function Sets the response's time-to-live for shared caches.
Response::setClientTtl public function Sets the response's time-to-live for private/client caches.
Response::getLastModified public function Returns the Last-Modified HTTP header as a DateTime instance.
Response::setLastModified public function Sets the Last-Modified HTTP header with a DateTime instance.
Response::getEtag public function Returns the literal value of the ETag HTTP header.
Response::setEtag public function Sets the ETag value.
Response::setCache public function Sets the response's cache headers (validation and/or expiration).
Response::setNotModified public function Modifies the response so that it conforms to the rules defined for a 304 status code.
Response::hasVary public function Returns true if the response includes a Vary header.
Response::getVary public function Returns an array of header names given in the Vary header.
Response::setVary public function Sets the Vary header.
Response::isNotModified public function Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request.
Response::isInvalid public function Is response invalid?
Response::isInformational public function Is response informative?
Response::isSuccessful public function Is response successful?
Response::isRedirection public function Is the response a redirect?
Response::isClientError public function Is there a client error?
Response::isServerError public function Was there a server side error?
Response::isOk public function Is the response OK?
Response::isForbidden public function Is the response forbidden?
Response::isNotFound public function Is the response a not found error?
Response::isRedirect public function Is the response a redirect of some form?
Response::isEmpty public function Is the response empty?
Response::ensureIEOverSSLCompatibility protected function Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9
JsonResponse::$data protected property
JsonResponse::$callback protected property
Response::$headers public property
Response::$content protected property
Response::$version protected property
Response::$statusCode protected property
Response::$statusText protected property
Response::$charset protected property
Response::$statusTexts public static property Status codes translation table.