Response represents an HTTP response in JSON format.
Note that this class does not force the returned JSON content to be an object. It is, however, recommended that you do return an object, as it protects you against XSSI and JSON-JavaScript Hijacking.
@author Igor Wiedler <igor@wiedler.ch>
https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...
```php
class JsonResponse extends Response {
    protected $data;
    protected $callback;

    /**
     * Constructor.
     *
     * @param mixed   $data    The response data
     * @param integer $status  The response status code
     * @param array   $headers An array of response headers
     */
    public function __construct($data = null, $status = 200, $headers = array()) {
        parent::__construct('', $status, $headers);
        if (null === $data) {
            $data = new \ArrayObject();
        }
        $this->setData($data);
    }

    /**
     * {@inheritDoc}
     */
    public static function create($data = null, $status = 200, $headers = array()) {
        return new static($data, $status, $headers);
    }

    /**
     * Sets the JSONP callback.
     *
     * @param string $callback
     *
     * @return JsonResponse
     *
     * @throws \InvalidArgumentException
     */
    public function setCallback($callback = null) {
        if (null !== $callback) {
            // taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
            $pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
            $parts = explode('.', $callback);
            foreach ($parts as $part) {
                if (!preg_match($pattern, $part)) {
                    throw new \InvalidArgumentException('The callback name is not valid.');
                }
            }
        }
        $this->callback = $callback;
        return $this->update();
    }

    /**
     * Sets the data to be sent as json.
     *
     * @param mixed $data
     *
     * @return JsonResponse
     */
    public function setData($data = array()) {
        // Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
        $this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
        return $this->update();
    }

    /**
     * Updates the content and headers according to the json data and callback.
     *
     * @return JsonResponse
     */
    protected function update() {
        if (null !== $this->callback) {
            // Not using application/javascript for compatibility reasons with older browsers.
            $this->headers->set('Content-Type', 'text/javascript');
            return $this->setContent(sprintf('%s(%s);', $this->callback, $this->data));
        }
        // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
        // in order to not overwrite a custom definition.
        if (!$this->headers->has('Content-Type') || 'text/javascript' === $this->headers->get('Content-Type')) {
            $this->headers->set('Content-Type', 'application/json');
        }
        return $this->setContent($this->data);
    }
}
```
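The two defensive steps in the class above, per-part callback validation in `setCallback()` and HTML-safe encoding in `setData()`, restated as a standalone script so their effect on concrete input can be seen. This is an added example, not part of the Symfony source; `isValidCallback()`, `jsonpBody()`, the two constants and all sample inputs are constructed for illustration.

```php
<?php
// Added example (PHP 7+): standalone restatement of the checks in JsonResponse.
// Function names, constants and inputs below are hypothetical, not Symfony API.

// Same identifier pattern and encoding flags as the class listing above.
const CALLBACK_PART = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
const HTML_SAFE = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT;

// A callback is valid only if every dot-separated part is a JavaScript identifier.
function isValidCallback(string $callback): bool
{
    foreach (explode('.', $callback) as $part) {
        // preg_match() returns false on invalid UTF-8 with /u; treat that as a rejection too.
        if (1 !== preg_match(CALLBACK_PART, $part)) {
            return false;
        }
    }
    return true;
}

// Builds the JSONP body the way update() does, refusing unvalidated callbacks.
function jsonpBody(string $callback, $data): string
{
    if (!isValidCallback($callback)) {
        throw new \InvalidArgumentException('The callback name is not valid.');
    }
    return sprintf('%s(%s);', $callback, json_encode($data, HTML_SAFE));
}

// Constructed callback values, as they might arrive in a ?callback= parameter.
$candidates = ['handle', 'jQuery.cb_123', '$app.on.data', 'a..b', '1abc', 'cb;evil', 'cb(1)//', ''];
foreach ($candidates as $name) {
    printf("%-16s %s\n", var_export($name, true), isValidCallback($name) ? 'accepted' : 'rejected');
}

// Constructed payload containing every character the JSON_HEX_* flags rewrite.
$data = ['note' => '<b>Tom & "Jerry\'s"</b>'];
echo json_encode($data), "\n";            // PHP's default encoding, for comparison
echo json_encode($data, HTML_SAFE), "\n"; // encoding used by setData()
echo jsonpBody('jQuery.cb_123', $data), "\n";
```

Comparing the two `json_encode()` lines shows which characters reach the browser literally under the default flags and which are emitted as `\uXXXX` escapes once the `JSON_HEX_*` flags are set.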
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
JsonResponse:: | protected | property | | |
JsonResponse:: | protected | property | | |
Response:: | public | property | | |
Response:: | protected | property | | |
Response:: | protected | property | | |
Response:: | protected | property | | |
Response:: | protected | property | | |
Response:: | protected | property | | |
Response:: | protected | function | Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9 | |
Response:: | public | function | Clones the current Response instance. | |
JsonResponse:: | public | function | Constructor. | Overrides Response:: |
Response:: | public | function | Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request. | |
JsonResponse:: | public static | function | Factory method for chainability | Overrides Response:: |
Response:: | public | function | Gets the current response content. | 2 |
Response:: | public | function | Gets the HTTP protocol version. | |
Response:: | public | function | Is response informative? | |
Response:: | public | function | Is response invalid? | |
Response:: | public | function | Is response successful? | |
Response:: | public | function | Is the response a not found error? | |
Response:: | public | function | Is the response a redirect of some form? | |
Response:: | public | function | Is the response a redirect? | |
Response:: | public | function | Is the response empty? | |
Response:: | public | function | Is the response forbidden? | |
Response:: | public | function | Is the response OK? | |
Response:: | public | function | Is there a client error? | |
Response:: | public | function | Marks the response as "private". | |
Response:: | public | function | Marks the response as "public". | |
Response:: | public | function | Marks the response stale by setting the Age header to be equal to the maximum age of the response. | |
Response:: | public | function | Modifies the response so that it conforms to the rules defined for a 304 status code. | |
Response:: | public | function | Prepares the Response before it is sent to the client. | 3 |
Response:: | public | function | Retrieves the response charset. | |
Response:: | public | function | Retrieves the status code for the current web response. | |
Response:: | public | function | Returns an array of header names given in the Vary header. | |
Response:: | public | function | Returns the age of the response. | |
Response:: | public | function | Returns the Date header as a DateTime instance. | |
Response:: | public | function | Returns the Last-Modified HTTP header as a DateTime instance. | |
Response:: | public | function | Returns the literal value of the ETag HTTP header. | |
Response:: | public | function | Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh. | |
Response:: | public | function | Returns the Response as an HTTP string. | |
Response:: | public | function | Returns the response's time-to-live in seconds. | |
Response:: | public | function | Returns the value of the Expires header as a DateTime instance. | |
Response:: | public | function | Returns true if the response includes a Vary header. | |
Response:: | public | function | Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request. | |
Response:: | public | function | Returns true if the response is "fresh". | |
Response:: | public | function | Returns true if the response is worth caching under any circumstance. | |
Response:: | public | function | Returns true if the response must be revalidated by caches. | |
Response:: | public | function | Sends content for the current web response. | 2 |
Response:: | public | function | Sends HTTP headers and content. | |
Response:: | public | function | Sends HTTP headers. | |
JsonResponse:: | public | function | Sets the data to be sent as json. | |
Response:: | public | function | Sets the Date header. | |
Response:: | public | function | Sets the ETag value. | |
Response:: | public | function | Sets the Expires HTTP header with a DateTime instance. | |
Response:: | public | function | Sets the HTTP protocol version (1.0 or 1.1). | |
JsonResponse:: | public | function | Sets the JSONP callback. | |
Response:: | public | function | Sets the Last-Modified HTTP header with a DateTime instance. | |
Response:: | public | function | Sets the number of seconds after which the response should no longer be considered fresh by shared caches. | |
Response:: | public | function | Sets the number of seconds after which the response should no longer be considered fresh. | |
Response:: | public | function | Sets the response charset. | |
Response:: | public | function | Sets the response content. | 2 |
Response:: | public | function | Sets the response status code. | |
Response:: | public | function | Sets the response's cache headers (validation and/or expiration). | |
Response:: | public | function | Sets the response's time-to-live for private/client caches. | |
Response:: | public | function | Sets the response's time-to-live for shared caches. | |
Response:: | public | function | Sets the Vary header. | |
Response:: | public static | property | Status codes translation table. | |
JsonResponse:: | protected | function | Updates the content and headers according to the json data and callback. | |
Response:: | public | function | Was there a server side error? | |