You are here

Home » API reference » Zircon Profile 8 » SecuredRedirectResponse.php

abstract class SecuredRedirectResponse in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php \Drupal\Component\HttpFoundation\SecuredRedirectResponse

Provides a common base class for safe redirects.

In case you want to redirect to external URLs use TrustedRedirectResponse.

For local URLs we use LocalRedirectResponse which opts out of external redirects.

Hierarchy

Expanded class hierarchy of SecuredRedirectResponse

3 files declare their use of SecuredRedirectResponse
CacheableSecuredRedirectResponse.php in core/lib/Drupal/Core/Routing/CacheableSecuredRedirectResponse.php
Contains \Drupal\Core\Routing\CacheableSecuredRedirectResponse.
RedirectResponseSubscriber.php in core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php
Contains \Drupal\Core\EventSubscriber\RedirectResponseSubscriber.
SecuredRedirectResponseTest.php in core/tests/Drupal/Tests/Component/HttpFoundation/SecuredRedirectResponseTest.php
Contains \Drupal\Tests\Component\HttpFoundation\SecuredRedirectResponseTest.

File

core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php, line 21
Contains \Drupal\Component\HttpFoundation\SecuredRedirectResponse.

Namespace

Drupal\Component\HttpFoundation
View source 
abstract class SecuredRedirectResponse extends RedirectResponse {

  /**
   * Copies an existing redirect response into a safe one.
   *
   * The safe one cannot accidentally redirect to an external URL, unless
   * actively wanted (see TrustedRedirectResponse).
   *
   * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
   *   The original redirect.
   *
   * @return static
   */
  public static function createFromRedirectResponse(RedirectResponse $response) {
    $safe_response = new static($response
      ->getTargetUrl(), $response
      ->getStatusCode(), $response->headers
      ->allPreserveCase());
    $safe_response
      ->fromResponse($response);
    return $safe_response;
  }

  /**
   * Copies over the values from the given response.
   *
   * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
   *   The redirect reponse object.
   */
  protected function fromResponse(RedirectResponse $response) {
    $this
      ->setProtocolVersion($response
      ->getProtocolVersion());
    $this
      ->setCharset($response
      ->getCharset());

    // Cookies are separate from other headers and have to be copied over
    // directly.
    foreach ($response->headers
      ->getCookies() as $cookie) {
      $this->headers
        ->setCookie($cookie);
    }
  }

  /**
   * {@inheritdoc}
   */
  public function setTargetUrl($url) {
    if (!$this
      ->isSafe($url)) {
      throw new \InvalidArgumentException(sprintf('It is not safe to redirect to %s', $url));
    }
    return parent::setTargetUrl($url);
  }

  /**
   * Returns whether the URL is considered as safe to redirect to.
   *
   * @param string $url
   *   The URL checked for safety.
   *
   * @return bool
   */
  protected abstract function isSafe($url);

}

Members

Namesort descending Modifiers Type Description Overrides
RedirectResponse::$targetUrl protected property
RedirectResponse::create public static function Factory method for chainability. Overrides Response::create
RedirectResponse::getTargetUrl public function Returns the target URL.
RedirectResponse::__construct public function Creates a redirect response so that it conforms to the rules defined for a redirect status code. Overrides Response::__construct 1
Response::$charset protected property
Response::$content protected property
Response::$headers public property
Response::$statusCode protected property
Response::$statusText protected property
Response::$statusTexts public static property Status codes translation table.
Response::$version protected property
Response::closeOutputBuffers public static function Cleans or flushes output buffers up to target level.
Response::ensureIEOverSSLCompatibility protected function Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
Response::expire public function Marks the response stale by setting the Age header to be equal to the maximum age of the response.
Response::getAge public function Returns the age of the response.
Response::getCharset public function Retrieves the response charset.
Response::getContent public function Gets the current response content. 2
Response::getDate public function Returns the Date header as a DateTime instance.
Response::getEtag public function Returns the literal value of the ETag HTTP header.
Response::getExpires public function Returns the value of the Expires header as a DateTime instance.
Response::getLastModified public function Returns the Last-Modified HTTP header as a DateTime instance.
Response::getMaxAge public function Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh.
Response::getProtocolVersion public function Gets the HTTP protocol version.
Response::getStatusCode public function Retrieves the status code for the current web response.
Response::getTtl public function Returns the response's time-to-live in seconds.
Response::getVary public function Returns an array of header names given in the Vary header.
Response::hasVary public function Returns true if the response includes a Vary header.
Response::HTTP_ACCEPTED constant
Response::HTTP_ALREADY_REPORTED constant
Response::HTTP_BAD_GATEWAY constant
Response::HTTP_BAD_REQUEST constant
Response::HTTP_CONFLICT constant
Response::HTTP_CONTINUE constant
Response::HTTP_CREATED constant
Response::HTTP_EXPECTATION_FAILED constant
Response::HTTP_FAILED_DEPENDENCY constant
Response::HTTP_FORBIDDEN constant
Response::HTTP_FOUND constant
Response::HTTP_GATEWAY_TIMEOUT constant
Response::HTTP_GONE constant
Response::HTTP_IM_USED constant
Response::HTTP_INSUFFICIENT_STORAGE constant
Response::HTTP_INTERNAL_SERVER_ERROR constant
Response::HTTP_I_AM_A_TEAPOT constant
Response::HTTP_LENGTH_REQUIRED constant
Response::HTTP_LOCKED constant
Response::HTTP_LOOP_DETECTED constant
Response::HTTP_METHOD_NOT_ALLOWED constant
Response::HTTP_MOVED_PERMANENTLY constant
Response::HTTP_MULTIPLE_CHOICES constant
Response::HTTP_MULTI_STATUS constant
Response::HTTP_NETWORK_AUTHENTICATION_REQUIRED constant
Response::HTTP_NON_AUTHORITATIVE_INFORMATION constant
Response::HTTP_NOT_ACCEPTABLE constant
Response::HTTP_NOT_EXTENDED constant
Response::HTTP_NOT_FOUND constant
Response::HTTP_NOT_IMPLEMENTED constant
Response::HTTP_NOT_MODIFIED constant
Response::HTTP_NO_CONTENT constant
Response::HTTP_OK constant
Response::HTTP_PARTIAL_CONTENT constant
Response::HTTP_PAYMENT_REQUIRED constant
Response::HTTP_PERMANENTLY_REDIRECT constant
Response::HTTP_PRECONDITION_FAILED constant
Response::HTTP_PRECONDITION_REQUIRED constant
Response::HTTP_PROCESSING constant
Response::HTTP_PROXY_AUTHENTICATION_REQUIRED constant
Response::HTTP_REQUESTED_RANGE_NOT_SATISFIABLE constant
Response::HTTP_REQUEST_ENTITY_TOO_LARGE constant
Response::HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE constant
Response::HTTP_REQUEST_TIMEOUT constant
Response::HTTP_REQUEST_URI_TOO_LONG constant
Response::HTTP_RESERVED constant
Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL constant
Response::HTTP_RESET_CONTENT constant
Response::HTTP_SEE_OTHER constant
Response::HTTP_SERVICE_UNAVAILABLE constant
Response::HTTP_SWITCHING_PROTOCOLS constant
Response::HTTP_TEMPORARY_REDIRECT constant
Response::HTTP_TOO_MANY_REQUESTS constant
Response::HTTP_UNAUTHORIZED constant
Response::HTTP_UNPROCESSABLE_ENTITY constant
Response::HTTP_UNSUPPORTED_MEDIA_TYPE constant
Response::HTTP_UPGRADE_REQUIRED constant
Response::HTTP_USE_PROXY constant
Response::HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL constant
Response::HTTP_VERSION_NOT_SUPPORTED constant
Response::isCacheable public function Returns true if the response is worth caching under any circumstance.
Response::isClientError public function Is there a client error?
Response::isEmpty public function Is the response empty?
Response::isForbidden public function Is the response forbidden?
Response::isFresh public function Returns true if the response is "fresh".
Response::isInformational public function Is response informative?
Response::isInvalid public function Is response invalid?
Response::isNotFound public function Is the response a not found error?
Response::isNotModified public function Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request.
Response::isOk public function Is the response OK?
Response::isRedirect public function Is the response a redirect of some form?
Response::isRedirection public function Is the response a redirect?
Response::isServerError public function Was there a server side error?
Response::isSuccessful public function Is response successful?
Response::isValidateable public function Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request.
Response::mustRevalidate public function Returns true if the response must be revalidated by caches.
Response::prepare public function Prepares the Response before it is sent to the client. 1
Response::send public function Sends HTTP headers and content.
Response::sendContent public function Sends content for the current web response. 2
Response::sendHeaders public function Sends HTTP headers.
Response::setCache public function Sets the response's cache headers (validation and/or expiration).
Response::setCharset public function Sets the response charset.
Response::setClientTtl public function Sets the response's time-to-live for private/client caches.
Response::setContent public function Sets the response content. 3
Response::setDate public function Sets the Date header.
Response::setEtag public function Sets the ETag value.
Response::setExpires public function Sets the Expires HTTP header with a DateTime instance.
Response::setLastModified public function Sets the Last-Modified HTTP header with a DateTime instance.
Response::setMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh.
Response::setNotModified public function Modifies the response so that it conforms to the rules defined for a 304 status code.
Response::setPrivate public function Marks the response as "private".
Response::setProtocolVersion public function Sets the HTTP protocol version (1.0 or 1.1).
Response::setPublic public function Marks the response as "public".
Response::setSharedMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh by shared caches.
Response::setStatusCode public function Sets the response status code.
Response::setTtl public function Sets the response's time-to-live for shared caches.
Response::setVary public function Sets the Vary header.
Response::__clone public function Clones the current Response instance.
Response::__toString public function Returns the Response as an HTTP string.
SecuredRedirectResponse::createFromRedirectResponse public static function Copies an existing redirect response into a safe one.
SecuredRedirectResponse::fromResponse protected function Copies over the values from the given response. 1
SecuredRedirectResponse::isSafe abstract protected function Returns whether the URL is considered as safe to redirect to. 2
SecuredRedirectResponse::setTargetUrl public function Sets the redirect target of this response. Overrides RedirectResponse::setTargetUrl