public function CdnFarfutureController::download in CDN 8.3
Serves the requested file with optimal far future expiration headers.
@todo Remove in 4.x.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The current request. $request->query must have root_relative_file_url, set by \Drupal\cdn\PathProcessor\CdnFarfuturePathProcessor.
string $security_token: The security token. Ensures that users can not request any file they want by manipulating the URL (they could otherwise request settings.php for example). See https://www.drupal.org/node/1441502.
int $mtime: The file's mtime.
Return value
\Symfony\Component\HttpFoundation\BinaryFileResponse|\Symfony\Component\HttpFoundation\Response The response that will efficiently send the requested file.
Throws
\Symfony\Component\HttpKernel\Exception\BadRequestHttpException Thrown when the 'root_relative_file_url' query argument is not set, which can only happen in case of malicious requests or in case of a malfunction in \Drupal\cdn\PathProcessor\CdnFarfuturePathProcessor.
File
- src/
CdnFarfutureController.php, line 116
Class
Namespace
Drupal\cdnCode
public function download(Request $request, $security_token, $mtime) {
// Ensure \Drupal\cdn\PathProcessor\CdnFarfuturePathProcessor did its job.
if (!$request->query
->has('root_relative_file_url')) {
throw new BadRequestHttpException();
}
// Validate security token.
$root_relative_file_url = $request->query
->get('root_relative_file_url');
$calculated_token = Crypt::hmacBase64($mtime . $root_relative_file_url, $this->privateKey
->get() . Settings::getHashSalt());
if ($security_token !== $calculated_token) {
return new Response('Invalid security token.', 403);
}
// A relative URL for a file contains '%20' instead of spaces. A relative
// file path contains spaces.
$relative_file_path = rawurldecode($root_relative_file_url);
$response = new BinaryFileResponse(substr($relative_file_path, 1), 200, $this
->getFarfutureHeaders(), TRUE, NULL, FALSE, FALSE);
$response
->isNotModified($request);
return $response;
}