Response represents an HTTP response in JSON format.
Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.
@author Igor Wiedler <igor@wiedler.ch>
Expanded class hierarchy of JsonResponse
https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...
class JsonResponse extends Response {
protected $data;
protected $callback;
/**
* Constructor.
*
* @param mixed $data The response data
* @param integer $status The response status code
* @param array $headers An array of response headers
*/
public function __construct($data = null, $status = 200, $headers = array()) {
parent::__construct('', $status, $headers);
if (null === $data) {
$data = new \ArrayObject();
}
$this
->setData($data);
}
/**
* {@inheritDoc}
*/
public static function create($data = null, $status = 200, $headers = array()) {
return new static($data, $status, $headers);
}
/**
* Sets the JSONP callback.
*
* @param string $callback
*
* @return JsonResponse
*
* @throws \InvalidArgumentException
*/
public function setCallback($callback = null) {
if (null !== $callback) {
// taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
$pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*+$/u';
$parts = explode('.', $callback);
foreach ($parts as $part) {
if (!preg_match($pattern, $part)) {
throw new \InvalidArgumentException('The callback name is not valid.');
}
}
}
$this->callback = $callback;
return $this
->update();
}
/**
* Sets the data to be sent as json.
*
* @param mixed $data
*
* @return JsonResponse
*/
public function setData($data = array()) {
// Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
$this->data = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
return $this
->update();
}
/**
* Updates the content and headers according to the json data and callback.
*
* @return JsonResponse
*/
protected function update() {
if (null !== $this->callback) {
// Not using application/javascript for compatibility reasons with older browsers.
$this->headers
->set('Content-Type', 'text/javascript');
return $this
->setContent(sprintf('%s(%s);', $this->callback, $this->data));
}
// Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
// in order to not overwrite a custom definition.
if (!$this->headers
->has('Content-Type') || 'text/javascript' === $this->headers
->get('Content-Type')) {
$this->headers
->set('Content-Type', 'application/json');
}
return $this
->setContent($this->data);
}
}
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
Response:: |
public | function | Returns the Response as an HTTP string. | |
Response:: |
public | function | Clones the current Response instance. | |
Response:: |
public | function | Sets the Vary header. | |
Response:: |
public | function | Sets the response's time-to-live for shared caches. | |
Response:: |
public | function | Sets the response status code. | |
Response:: |
public | function | Sets the number of seconds after which the response should no longer be considered fresh by shared caches. | |
Response:: |
public | function | Marks the response as "public". | |
Response:: |
public | function | Sets the HTTP protocol version (1.0 or 1.1). | |
Response:: |
public | function | Marks the response as "private". | |
Response:: |
public | function | Modifies the response so that it conforms to the rules defined for a 304 status code. | |
Response:: |
public | function | Sets the number of seconds after which the response should no longer be considered fresh. | |
Response:: |
public | function | Sets the Last-Modified HTTP header with a DateTime instance. | |
Response:: |
public | function | Sets the Expires HTTP header with a DateTime instance. | |
Response:: |
public | function | Sets the ETag value. | |
Response:: |
public | function | Sets the Date header. | |
Response:: |
public | function | Sets the response content. | 2 |
Response:: |
public | function | Sets the response's time-to-live for private/client caches. | |
Response:: |
public | function | Sets the response charset. | |
Response:: |
public | function | Sets the response's cache headers (validation and/or expiration). | |
Response:: |
public | function | Sends HTTP headers. | |
Response:: |
public | function | Sends content for the current web response. | 2 |
Response:: |
public | function | Sends HTTP headers and content. | |
Response:: |
public | function | Prepares the Response before it is sent to the client. | 3 |
Response:: |
public | function | Returns true if the response must be revalidated by caches. | |
Response:: |
public | function | Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request. | |
Response:: |
public | function | Is response successful? | |
Response:: |
public | function | Was there a server side error? | |
Response:: |
public | function | Is the response a redirect? | |
Response:: |
public | function | Is the response a redirect of some form? | |
Response:: |
public | function | Is the response OK? | |
Response:: |
public | function | Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request. | |
Response:: |
public | function | Is the response a not found error? | |
Response:: |
public | function | Is response invalid? | |
Response:: |
public | function | Is response informative? | |
Response:: |
public | function | Returns true if the response is "fresh". | |
Response:: |
public | function | Is the response forbidden? | |
Response:: |
public | function | Is the response empty? | |
Response:: |
public | function | Is there a client error? | |
Response:: |
public | function | Returns true if the response is worth caching under any circumstance. | |
Response:: |
public | function | Returns true if the response includes a Vary header. | |
Response:: |
public | function | Returns an array of header names given in the Vary header. | |
Response:: |
public | function | Returns the response's time-to-live in seconds. | |
Response:: |
public | function | Retrieves the status code for the current web response. | |
Response:: |
public | function | Gets the HTTP protocol version. | |
Response:: |
public | function | Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh. | |
Response:: |
public | function | Returns the Last-Modified HTTP header as a DateTime instance. | |
Response:: |
public | function | Returns the value of the Expires header as a DateTime instance. | |
Response:: |
public | function | Returns the literal value of the ETag HTTP header. | |
Response:: |
public | function | Returns the Date header as a DateTime instance. | |
Response:: |
public | function | Gets the current response content. | 2 |
Response:: |
public | function | Retrieves the response charset. | |
Response:: |
public | function | Returns the age of the response. | |
Response:: |
public | function | Marks the response stale by setting the Age header to be equal to the maximum age of the response. | |
Response:: |
protected | function | Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9 | |
Response:: |
protected | property | ||
Response:: |
public static | property | Status codes translation table. | |
Response:: |
protected | property | ||
Response:: |
protected | property | ||
Response:: |
public | property | ||
Response:: |
protected | property | ||
Response:: |
protected | property | ||
JsonResponse:: |
public | function |
Constructor. Overrides Response:: |
|
JsonResponse:: |
protected | function | Updates the content and headers according to the json data and callback. | |
JsonResponse:: |
public | function | Sets the data to be sent as json. | |
JsonResponse:: |
public | function | Sets the JSONP callback. | |
JsonResponse:: |
public static | function |
Factory method for chainability Overrides Response:: |
|
JsonResponse:: |
protected | property | ||
JsonResponse:: |
protected | property |