/**
* Look at safe requests and handle refresh requests.
*
* Ignore refresh to let normal lookup happen when the request comes from
* a non-authorized client.
*
* @param CacheEvent $event
*/
public function handleRefresh(CacheEvent $event)
{
$request = $event->getRequest();
if (!$request->isMethodSafe() || !$request->isNoCache() || !$this->isRequestAllowed($request)) {
return;
}
$event->setResponse($event->getKernel()->fetch($request));
}
/**
* Extract the cache HIT/MISS information from the X-Symfony-Cache header.
*
* For this header to be present, the HttpCache must be created with the
* debug option set to true.
*
* @param CacheEvent $event
*/
public function handleDebug(CacheEvent $event)
{
$response = $event->getResponse();
if ($response->headers->has('X-Symfony-Cache')) {
if (false !== strpos($response->headers->get('X-Symfony-Cache'), 'miss')) {
$state = 'MISS';
} elseif (false !== strpos($response->headers->get('X-Symfony-Cache'), 'fresh')) {
$state = 'HIT';
} else {
$state = 'UNDETERMINED';
}
$response->headers->set('X-Cache', $state);
}
}
/**
* Look at the request before it is handled by the kernel.
*
* Adds the user hash header to the request.
*
* Checks if an external request tries tampering with the use context hash mechanism
* to prevent attacks.
*
* @param CacheEvent $event
*/
public function preHandle(CacheEvent $event)
{
$request = $event->getRequest();
if (!$this->isInternalRequest($request)) {
// Prevent tampering attacks on the hash mechanism
if ($request->headers->get('accept') === $this->options['user_hash_accept_header'] || $request->headers->get($this->options['user_hash_header']) !== null) {
$event->setResponse(new Response('', 400));
return;
}
if ($request->isMethodSafe()) {
$request->headers->set($this->options['user_hash_header'], $this->getUserHash($event->getKernel(), $request));
}
}
// let the kernel handle this request.
}
/**
* Remove the custom TTL header and restore s_maxage from the backup.
*
* @param CacheEvent $e
*/
public function cleanResponse(CacheEvent $e)
{
$response = $e->getResponse();
if (!$response->headers->has($this->ttlHeader) && !$response->headers->has(static::SMAXAGE_BACKUP)) {
return;
}
if ($response->headers->has(static::SMAXAGE_BACKUP)) {
$smaxage = $response->headers->get(static::SMAXAGE_BACKUP);
if ('false' === $smaxage) {
$response->headers->removeCacheControlDirective('s-maxage');
} else {
$response->headers->addCacheControlDirective('s-maxage', $smaxage);
}
}
$response->headers->remove($this->ttlHeader);
$response->headers->remove(static::SMAXAGE_BACKUP);
}
/**
* Look at unsafe requests and handle purge requests.
*
* Prevents access when the request comes from a non-authorized client.
*
* @param CacheEvent $event
*/
public function handlePurge(CacheEvent $event)
{
$request = $event->getRequest();
if ($this->options['purge_method'] !== $request->getMethod()) {
return;
}
if (!$this->isRequestAllowed($request)) {
$event->setResponse(new Response('', 400));
return;
}
$response = new Response();
if ($event->getKernel()->getStore()->purge($request->getUri())) {
$response->setStatusCode(200, 'Purged');
} else {
$response->setStatusCode(200, 'Not found');
}
$event->setResponse($response);
}
public function preInvalidate(CacheEvent $event)
{
$this->test->assertSame($this->kernel, $event->getKernel());
$this->test->assertSame($this->request, $event->getRequest());
if ($this->preInvalidateResponse) {
$event->setResponse($this->preInvalidateResponse);
}
++$this->preInvalidateCalls;
}