abstract class SecuredRedirectResponse in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php \Drupal\Component\HttpFoundation\SecuredRedirectResponse
Provides a common base class for safe redirects.
To redirect to external URLs, use TrustedRedirectResponse.
For local URLs, use LocalRedirectResponse, which opts out of external redirects.
Hierarchy
- class \Symfony\Component\HttpFoundation\Response
  - class \Symfony\Component\HttpFoundation\RedirectResponse
    - class \Drupal\Component\HttpFoundation\SecuredRedirectResponse
3 files declare their use of SecuredRedirectResponse
- CacheableSecuredRedirectResponse.php in core/lib/Drupal/Core/Routing/CacheableSecuredRedirectResponse.php: Contains \Drupal\Core\Routing\CacheableSecuredRedirectResponse.
- RedirectResponseSubscriber.php in core/lib/Drupal/Core/EventSubscriber/RedirectResponseSubscriber.php: Contains \Drupal\Core\EventSubscriber\RedirectResponseSubscriber.
- SecuredRedirectResponseTest.php in core/tests/Drupal/Tests/Component/HttpFoundation/SecuredRedirectResponseTest.php: Contains \Drupal\Tests\Component\HttpFoundation\SecuredRedirectResponseTest.
File
- core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php, line 21: Contains \Drupal\Component\HttpFoundation\SecuredRedirectResponse.
Namespace
Drupal\Component\HttpFoundation
View source
```php
namespace Drupal\Component\HttpFoundation;

use Symfony\Component\HttpFoundation\RedirectResponse;

abstract class SecuredRedirectResponse extends RedirectResponse {

  /**
   * Copies an existing redirect response into a safe one.
   *
   * The safe one cannot accidentally redirect to an external URL, unless
   * actively wanted (see TrustedRedirectResponse).
   *
   * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
   *   The original redirect.
   *
   * @return static
   */
  public static function createFromRedirectResponse(RedirectResponse $response) {
    // The constructor calls setTargetUrl(), so the target is checked here.
    $safe_response = new static($response->getTargetUrl(), $response->getStatusCode(), $response->headers->allPreserveCase());
    $safe_response->fromResponse($response);
    return $safe_response;
  }

  /**
   * Copies over the values from the given response.
   *
   * @param \Symfony\Component\HttpFoundation\RedirectResponse $response
   *   The redirect response object.
   */
  protected function fromResponse(RedirectResponse $response) {
    $this->setProtocolVersion($response->getProtocolVersion());
    $this->setCharset($response->getCharset());
    // Cookies are separate from other headers and have to be copied over
    // directly.
    foreach ($response->headers->getCookies() as $cookie) {
      $this->headers->setCookie($cookie);
    }
  }

  /**
   * {@inheritdoc}
   */
  public function setTargetUrl($url) {
    if (!$this->isSafe($url)) {
      throw new \InvalidArgumentException(sprintf('It is not safe to redirect to %s', $url));
    }
    return parent::setTargetUrl($url);
  }

  /**
   * Returns whether the URL is considered as safe to redirect to.
   *
   * @param string $url
   *   The URL checked for safety.
   *
   * @return bool
   */
  protected abstract function isSafe($url);

}
```
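The following is an added example, not part of Drupal core or of this page's source: a concrete subclass showing how the isSafe() hook blocks off-site targets both at construction and when an existing redirect is copied. The class name LocalOnlyRedirect, its path rules, the sample targets and the autoload.php location are assumptions made for illustration.

```php
<?php
// Added example, not Drupal core code. LocalOnlyRedirect and the sample
// targets below are hypothetical and constructed for illustration.
use Drupal\Component\HttpFoundation\SecuredRedirectResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
// Assumption: run from a Drupal 8 root, whose autoload.php finds both classes.
require_once 'autoload.php';

class LocalOnlyRedirect extends SecuredRedirectResponse {
  // Accepts only site-relative paths such as /node/1.
  protected function isSafe($url) {
    // Backslashes and control characters are rejected because browsers may
    // normalise them into something that parses as a different host.
    if (!is_string($url) || preg_match('/[\x00-\x1f\x7f\\\\]/', $url)) {
      return FALSE;
    }
    // "//host/path" is protocol-relative and leaves the site.
    if (strpos($url, '//') === 0) {
      return FALSE;
    }
    $parts = parse_url($url);
    if ($parts === FALSE || isset($parts['scheme']) || isset($parts['host'])) {
      return FALSE;
    }
    return strpos($url, '/') === 0;
  }
}

$targets = ['/node/1', '/user/login?destination=/admin',
  'https://other.example/', '//other.example/path', '/\\other.example'];
foreach ($targets as $target) {
  try {
    $response = new LocalOnlyRedirect($target);
    printf("allowed: %s\n", $response->getTargetUrl());
  } catch (\InvalidArgumentException $e) {
    // setTargetUrl() runs in the constructor, so no unsafe object ever exists.
    printf("blocked: %s\n", $e->getMessage());
  }
}

// Copying a plain RedirectResponse re-runs the same check on its target.
try {
  LocalOnlyRedirect::createFromRedirectResponse(new RedirectResponse('https://other.example/'));
} catch (\InvalidArgumentException $e) {
  printf("blocked on copy: %s\n", $e->getMessage());
}
```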
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
RedirectResponse:: | protected | property | | |
RedirectResponse:: | public static | function | Factory method for chainability. Overrides Response:: | |
RedirectResponse:: | public | function | Returns the target URL. | |
RedirectResponse:: | public | function | Creates a redirect response so that it conforms to the rules defined for a redirect status code. Overrides Response:: | 1 |
Response:: | protected | property | | |
Response:: | protected | property | | |
Response:: | public | property | | |
Response:: | protected | property | | |
Response:: | protected | property | | |
Response:: | public static | property | Status codes translation table. | |
Response:: | protected | property | | |
Response:: | public static | function | Cleans or flushes output buffers up to target level. | |
Response:: | protected | function | Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9. | |
Response:: | public | function | Marks the response stale by setting the Age header to be equal to the maximum age of the response. | |
Response:: | public | function | Returns the age of the response. | |
Response:: | public | function | Retrieves the response charset. | |
Response:: | public | function | Gets the current response content. | 2 |
Response:: | public | function | Returns the Date header as a DateTime instance. | |
Response:: | public | function | Returns the literal value of the ETag HTTP header. | |
Response:: | public | function | Returns the value of the Expires header as a DateTime instance. | |
Response:: | public | function | Returns the Last-Modified HTTP header as a DateTime instance. | |
Response:: | public | function | Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh. | |
Response:: | public | function | Gets the HTTP protocol version. | |
Response:: | public | function | Retrieves the status code for the current web response. | |
Response:: | public | function | Returns the response's time-to-live in seconds. | |
Response:: | public | function | Returns an array of header names given in the Vary header. | |
Response:: | public | function | Returns true if the response includes a Vary header. | |
Response:: | constant | | | |
Response:: | public | function | Returns true if the response is worth caching under any circumstance. | |
Response:: | public | function | Is there a client error? | |
Response:: | public | function | Is the response empty? | |
Response:: | public | function | Is the response forbidden? | |
Response:: | public | function | Returns true if the response is "fresh". | |
Response:: | public | function | Is response informative? | |
Response:: | public | function | Is response invalid? | |
Response:: | public | function | Is the response a not found error? | |
Response:: | public | function | Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request. | |
Response:: | public | function | Is the response OK? | |
Response:: | public | function | Is the response a redirect of some form? | |
Response:: | public | function | Is the response a redirect? | |
Response:: | public | function | Was there a server side error? | |
Response:: | public | function | Is response successful? | |
Response:: | public | function | Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request. | |
Response:: | public | function | Returns true if the response must be revalidated by caches. | |
Response:: | public | function | Prepares the Response before it is sent to the client. | 1 |
Response:: | public | function | Sends HTTP headers and content. | |
Response:: | public | function | Sends content for the current web response. | 2 |
Response:: | public | function | Sends HTTP headers. | |
Response:: | public | function | Sets the response's cache headers (validation and/or expiration). | |
Response:: | public | function | Sets the response charset. | |
Response:: | public | function | Sets the response's time-to-live for private/client caches. | |
Response:: | public | function | Sets the response content. | 3 |
Response:: | public | function | Sets the Date header. | |
Response:: | public | function | Sets the ETag value. | |
Response:: | public | function | Sets the Expires HTTP header with a DateTime instance. | |
Response:: | public | function | Sets the Last-Modified HTTP header with a DateTime instance. | |
Response:: | public | function | Sets the number of seconds after which the response should no longer be considered fresh. | |
Response:: | public | function | Modifies the response so that it conforms to the rules defined for a 304 status code. | |
Response:: | public | function | Marks the response as "private". | |
Response:: | public | function | Sets the HTTP protocol version (1.0 or 1.1). | |
Response:: | public | function | Marks the response as "public". | |
Response:: | public | function | Sets the number of seconds after which the response should no longer be considered fresh by shared caches. | |
Response:: | public | function | Sets the response status code. | |
Response:: | public | function | Sets the response's time-to-live for shared caches. | |
Response:: | public | function | Sets the Vary header. | |
Response:: | public | function | Clones the current Response instance. | |
Response:: | public | function | Returns the Response as an HTTP string. | |
SecuredRedirectResponse:: | public static | function | Copies an existing redirect response into a safe one. | |
SecuredRedirectResponse:: | protected | function | Copies over the values from the given response. | 1 |
SecuredRedirectResponse:: | abstract protected | function | Returns whether the URL is considered as safe to redirect to. | 2 |
SecuredRedirectResponse:: | public | function | Sets the redirect target of this response. Overrides RedirectResponse:: | |