class JsonResponse

Response represents an HTTP response in JSON format.

Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.

@author Igor Wiedler <igor@wiedler.ch>

Hierarchy

  • class \Symfony\Component\HttpFoundation\Response

Expanded class hierarchy of JsonResponse

See also

https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...

22 files declare their use of JsonResponse
ajax.inc in drupal/core/modules/views/includes/ajax.inc
Handles the server side AJAX interactions of Views.
AjaxResponse.php in drupal/core/lib/Drupal/Core/Ajax/AjaxResponse.php
Definition of Drupal\Core\Ajax\AjaxResponse.
batch.inc in drupal/core/includes/batch.inc
Batch processing API for processes to run in multiple HTTP requests.
ContextualController.php in drupal/core/modules/contextual/lib/Drupal/contextual/ContextualController.php
Contains \Drupal\contextual\ContextualController.
database_test.module in drupal/core/modules/system/tests/modules/database_test/database_test.module

... See full list

File

drupal/core/vendor/symfony/http-foundation/Symfony/Component/HttpFoundation/JsonResponse.php, line 25

Namespace

Symfony\Component\HttpFoundation
View source
class JsonResponse extends Response {
  protected $data;
  protected $callback;

  /**
   * Constructor.
   *
   * @param mixed   $data    The response data
   * @param integer $status  The response status code
   * @param array   $headers An array of response headers
   */
  public function __construct($data = null, $status = 200, $headers = array()) {
    parent::__construct('', $status, $headers);
    if (null === $data) {
      $data = new \ArrayObject();
    }
    $this
      ->setData($data);
  }

  /**
   * {@inheritDoc}
   */
  public static function create($data = null, $status = 200, $headers = array()) {
    return new static($data, $status, $headers);
  }

  /**
   * Sets the JSONP callback.
   *
   * @param string $callback
   *
   * @return JsonResponse
   *
   * @throws \InvalidArgumentException
   */
  public function setCallback($callback = null) {
    if (null !== $callback) {

      // taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
      $pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
      $parts = explode('.', $callback);
      foreach ($parts as $part) {
        if (!preg_match($pattern, $part)) {
          throw new \InvalidArgumentException('The callback name is not valid.');
        }
      }
    }
    $this->callback = $callback;
    return $this
      ->update();
  }

  /**
   * Sets the data to be sent as json.
   *
   * @param mixed $data
   *
   * @return JsonResponse
   */
  public function setData($data = array()) {

    // Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
    $this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
    return $this
      ->update();
  }

  /**
   * Updates the content and headers according to the json data and callback.
   *
   * @return JsonResponse
   */
  protected function update() {
    if (null !== $this->callback) {

      // Not using application/javascript for compatibility reasons with older browsers.
      $this->headers
        ->set('Content-Type', 'text/javascript');
      return $this
        ->setContent(sprintf('%s(%s);', $this->callback, $this->data));
    }

    // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
    // in order to not overwrite a custom definition.
    if (!$this->headers
      ->has('Content-Type') || 'text/javascript' === $this->headers
      ->get('Content-Type')) {
      $this->headers
        ->set('Content-Type', 'application/json');
    }
    return $this
      ->setContent($this->data);
  }

}

Members

Name Modifiers Type Descriptionsort descending Overrides
JsonResponse::$data protected property
JsonResponse::$callback protected property
Response::$headers public property
Response::$content protected property
Response::$version protected property
Response::$statusCode protected property
Response::$statusText protected property
Response::$charset protected property
Response::ensureIEOverSSLCompatibility protected function Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9
Response::__clone public function Clones the current Response instance.
JsonResponse::__construct public function Constructor. Overrides Response::__construct
Response::isNotModified public function Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request.
JsonResponse::create public static function Factory method for chainability Overrides Response::create
Response::getContent public function Gets the current response content. 2
Response::getProtocolVersion public function Gets the HTTP protocol version.
Response::isInformational public function Is response informative?
Response::isInvalid public function Is response invalid?
Response::isSuccessful public function Is response successful?
Response::isNotFound public function Is the response a not found error?
Response::isRedirect public function Is the response a redirect of some form?
Response::isRedirection public function Is the response a redirect?
Response::isEmpty public function Is the response empty?
Response::isForbidden public function Is the response forbidden?
Response::isOk public function Is the response OK?
Response::isClientError public function Is there a client error?
Response::setPrivate public function Marks the response as "private".
Response::setPublic public function Marks the response as "public".
Response::expire public function Marks the response stale by setting the Age header to be equal to the maximum age of the response.
Response::setNotModified public function Modifies the response so that it conforms to the rules defined for a 304 status code.
Response::prepare public function Prepares the Response before it is sent to the client. 3
Response::getCharset public function Retrieves the response charset.
Response::getStatusCode public function Retrieves the status code for the current web response.
Response::getVary public function Returns an array of header names given in the Vary header.
Response::getAge public function Returns the age of the response.
Response::getDate public function Returns the Date header as a DateTime instance.
Response::getLastModified public function Returns the Last-Modified HTTP header as a DateTime instance.
Response::getEtag public function Returns the literal value of the ETag HTTP header.
Response::getMaxAge public function Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh.
Response::__toString public function Returns the Response as an HTTP string.
Response::getTtl public function Returns the response's time-to-live in seconds.
Response::getExpires public function Returns the value of the Expires header as a DateTime instance.
Response::hasVary public function Returns true if the response includes a Vary header.
Response::isValidateable public function Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request.
Response::isFresh public function Returns true if the response is "fresh".
Response::isCacheable public function Returns true if the response is worth caching under any circumstance.
Response::mustRevalidate public function Returns true if the response must be revalidated by caches.
Response::sendContent public function Sends content for the current web response. 2
Response::send public function Sends HTTP headers and content.
Response::sendHeaders public function Sends HTTP headers.
JsonResponse::setData public function Sets the data to be sent as json.
Response::setDate public function Sets the Date header.
Response::setEtag public function Sets the ETag value.
Response::setExpires public function Sets the Expires HTTP header with a DateTime instance.
Response::setProtocolVersion public function Sets the HTTP protocol version (1.0 or 1.1).
JsonResponse::setCallback public function Sets the JSONP callback.
Response::setLastModified public function Sets the Last-Modified HTTP header with a DateTime instance.
Response::setSharedMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh by shared caches.
Response::setMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh.
Response::setCharset public function Sets the response charset.
Response::setContent public function Sets the response content. 2
Response::setStatusCode public function Sets the response status code.
Response::setCache public function Sets the response's cache headers (validation and/or expiration).
Response::setClientTtl public function Sets the response's time-to-live for private/client caches.
Response::setTtl public function Sets the response's time-to-live for shared caches.
Response::setVary public function Sets the Vary header.
Response::$statusTexts public static property Status codes translation table.
JsonResponse::update protected function Updates the content and headers according to the json data and callback.
Response::isServerError public function Was there a server side error?