isMethodSafe() public method

Checks whether or not the method is safe.
See also: https://tools.ietf.org/html/rfc7231#section-4.2.1
public isMethodSafe ( ) : boolean
return boolean
 /**
  * @param Request $request
  */
 protected function setTargetPath(Request $request)
 {
     // session isn't required when using HTTP basic authentication mechanism for example
     if ($request->hasSession() && $request->isMethodSafe()) {
         $request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri());
     }
 }
 /**
  * @param Request $request
  * @param bool $override
  */
 public function setIntent(Request $request, $override = false)
 {
     if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {
         if ($override || false === $this->hasIntent($request)) {
             $request->getSession()->set(self::SESSION_INTENT_KEY, $request->getUri());
         }
     }
 }
Beispiel #3
0
    /**
     * @Tag(expression="'item-'~id")
     */
    public function itemAction(Request $request, $id)
    {
        if (!$request->isMethodSafe()) {
            $this->container->get('fos_http_cache.cache_manager')->invalidateTags(array('all-items'));
        }

        return new Response('Item ' . $id . ' invalidated');
    }
Beispiel #4
0
 protected function setTargetPath(Request $request)
 {
     if ($request->isXmlHttpRequest()) {
         return;
     }
     if ($request->hasSession() && ($request->isMethodSafe() || $request->get('_route') == 'engishop_front_cart_add')) {
         $request->getSession()->set('_security.' . $this->providerKey . '.target_path', $request->getUri());
     }
 }
 public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
 {
     // Forbid direct AUTHENTICATE requests to get user hash
     if ($request->headers->get('X-HTTP-Override') === 'AUTHENTICATE' && $request->headers->get('Accept') === Kernel::USER_HASH_ACCEPT_HEADER) {
         return new Response('', 405);
     }
     if ($request->isMethodSafe()) {
         $request->headers->set('X-User-Hash', $this->kernel->generateUserHash($request));
     }
     return parent::handle($request, $type, $catch);
 }
 public function loginAction(Request $request)
 {
     if (!$this->hasRole('ROLE_USER')) {
         if ($request->hasSession() && $request->isMethodSafe()) {
             $referer = $request->headers->get('referer');
             if (null !== $referer) {
                 $request->getSession()->set('ddr.gitki.manuallogin.targetpath', $referer);
             }
         }
         throw new AuthenticationException();
     }
     if ($request->hasSession() && $request->isMethodSafe()) {
         $targetPath = $request->getSession()->get('ddr.gitki.manuallogin.targetpath');
         $request->getSession()->remove('ddr.gitki.manuallogin.targetpath');
         if (null !== $targetPath) {
             return $this->redirect($targetPath);
         }
     }
     return $this->redirect($this->generateUrl('ddr_gitki_wiki_file', array('path' => '/index.md')));
 }
 protected function validateRequest(Request $request)
 {
     // is the Request safe?
     if (!$request->isMethodSafe()) {
         throw new AccessDeniedHttpException();
     }
     // is the Request signed?
     // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
     if ($this->signer->check($request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . (null !== ($qs = $request->server->get('QUERY_STRING')) ? '?' . $qs : ''))) {
         return;
     }
     throw new AccessDeniedHttpException();
 }
Beispiel #8
0
 /**
  * Gets the base Twig context.
  *
  * @param Request $request
  *
  * @return array
  */
 private function getContext(Request $request) : array
 {
     $context = ['title' => $this->title, 'description' => $this->description, 'formats' => $this->formats, 'shortName' => null, 'operationId' => null];
     if (!$request->isMethodSafe() || null === ($resourceClass = $request->attributes->get('_api_resource_class'))) {
         return $context;
     }
     $metadata = $this->resourceMetadataFactory->create($resourceClass);
     $context['shortName'] = $metadata->getShortName();
     if (null !== ($collectionOperationName = $request->attributes->get('_api_collection_operation_name'))) {
         $context['operationId'] = sprintf('%s%sCollection', $collectionOperationName, $context['shortName']);
     } elseif (null !== ($itemOperationName = $request->attributes->get('_api_item_operation_name'))) {
         $context['operationId'] = sprintf('%s%sItem', $itemOperationName, $context['shortName']);
     }
     return $context;
 }
 protected function validateRequest(Request $request)
 {
     // is the Request safe?
     if (!$request->isMethodSafe()) {
         throw new AccessDeniedHttpException();
     }
     // does the Request come from a trusted IP?
     $trustedIps = array_merge($this->getLocalIpAddresses(), $request->getTrustedProxies());
     $remoteAddress = $request->server->get('REMOTE_ADDR');
     if (IpUtils::checkIp($remoteAddress, $trustedIps)) {
         return;
     }
     // is the Request signed?
     // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
     if ($this->signer->check($request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . (null !== ($qs = $request->server->get('QUERY_STRING')) ? '?' . $qs : ''))) {
         return;
     }
     throw new AccessDeniedHttpException();
 }
Beispiel #10
0
 /**
  * @dataProvider methodSafeProvider
  */
 public function testMethodSafe($method, $safe)
 {
     $request = new Request();
     $request->setMethod($method);
     $this->assertEquals($safe, $request->isMethodSafe());
 }
Beispiel #11
0
 /**
  * Handles a Request.
  *
  * @param Request $request A Request instance
  * @param integer $type    The type of the request (one of HttpKernelInterface::MASTER_REQUEST or HttpKernelInterface::SUB_REQUEST)
  * @param Boolean $raw     Whether to catch exceptions or not (this is NOT used in this context)
  *
  * @return Symfony\Component\HttpFoundation\Response A Response instance
  */
 public function handle(Request $request = null, $type = HttpKernelInterface::MASTER_REQUEST, $raw = false)
 {
     // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism
     if (null === $request) {
         $request = new Request();
     }
     if (HttpKernelInterface::MASTER_REQUEST === $type) {
         $this->traces = array();
         $this->request = $request;
     }
     $this->traces[$request->getMethod() . ' ' . $request->getPathInfo()] = array();
     if (!$request->isMethodSafe($request)) {
         $response = $this->invalidate($request);
     } elseif ($request->headers->has('expect')) {
         $response = $this->pass($request);
     } else {
         $response = $this->lookup($request);
     }
     $response->isNotModified($request);
     if ('head' === strtolower($request->getMethod())) {
         $response->setContent('');
     } else {
         $this->restoreResponseBody($response);
     }
     if (HttpKernelInterface::MASTER_REQUEST === $type && $this->options['debug']) {
         $response->headers->set('X-Symfony-Cache', $this->getLog());
     }
     return $response;
 }
 /**
  * {@inheritdoc}
  */
 public function prepare(\Symfony\Component\HttpFoundation\Request $request)
 {
     $this->headers->set('Content-Length', $this->file->getSize());
     if (!$this->headers->has('Accept-Ranges')) {
         // Only accept ranges on safe HTTP methods
         $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
     }
     if (!$this->headers->has('Content-Type')) {
         $this->headers->set('Content-Type', $this->file->getMimetype() ?: 'application/octet-stream');
     }
     if ('HTTP/1.0' != $request->server->get('SERVER_PROTOCOL')) {
         $this->setProtocolVersion('1.1');
     }
     $this->ensureIEOverSSLCompatibility($request);
     $this->offset = 0;
     $this->maxlen = -1;
     if ($request->headers->has('Range')) {
         // Process the range headers.
         if (!$request->headers->has('If-Range') || $this->getEtag() == $request->headers->get('If-Range')) {
             $range = $request->headers->get('Range');
             $fileSize = $this->file->getSize();
             list($start, $end) = explode('-', substr($range, 6), 2) + array(0);
             $end = '' === $end ? $fileSize - 1 : (int) $end;
             if ('' === $start) {
                 $start = $fileSize - $end;
                 $end = $fileSize - 1;
             } else {
                 $start = (int) $start;
             }
             if ($start <= $end) {
                 if ($start < 0 || $end > $fileSize - 1) {
                     $this->setStatusCode(416);
                 } elseif ($start !== 0 || $end !== $fileSize - 1) {
                     $this->maxlen = $end < $fileSize ? $end - $start + 1 : -1;
                     $this->offset = $start;
                     $this->setStatusCode(206);
                     $this->headers->set('Content-Range', sprintf('bytes %s-%s/%s', $start, $end, $fileSize));
                     $this->headers->set('Content-Length', $end - $start + 1);
                 }
             }
         }
     }
     return $this;
 }
Beispiel #13
0
 /**
  * @param Request $request
  */
 protected function setTargetPath(Request $request)
 {
     // session isn't required when using HTTP basic authentication mechanism for example
     if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {
         $this->saveTargetPath($request->getSession(), $this->providerKey, $request->getUri());
     }
 }
 /**
  * Decide whether to even look for matching rules with the current request.
  *
  * @param Request $request
  *
  * @return bool True if the request is safe and headers can be set
  */
 protected function isRequestSafe(Request $request)
 {
     return $request->isMethodSafe();
 }
Beispiel #15
0
 /**
  * @group legacy
  * @expectedDeprecation Checking only for cacheable HTTP methods with Symfony\Component\HttpFoundation\Request::isMethodSafe() is deprecated since version 3.2 and will throw an exception in 4.0. Disable checking only for cacheable methods by calling the method with `false` as first argument or use the Request::isMethodCacheable() instead.
  */
 public function testMethodSafeChecksCacheable()
 {
     $request = new Request();
     $request->setMethod('OPTIONS');
     $this->assertFalse($request->isMethodSafe());
 }
 /**
  * {@inheritdoc}
  */
 public function check(Request $request)
 {
     if ($this->isCli() || !$request->isMethodSafe()) {
         return static::DENY;
     }
 }
Beispiel #17
0
 /**
  * {@inheritdoc}
  *
  * @api
  */
 public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
 {
     // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism
     if (HttpKernelInterface::MASTER_REQUEST === $type) {
         $this->traces = array();
         $this->request = $request;
         if (null !== $this->surrogate) {
             $this->surrogateCacheStrategy = $this->surrogate->createCacheStrategy();
         }
     }
     $path = $request->getPathInfo();
     if ($qs = $request->getQueryString()) {
         $path .= '?' . $qs;
     }
     $this->traces[$request->getMethod() . ' ' . $path] = array();
     if (!$request->isMethodSafe()) {
         $response = $this->invalidate($request, $catch);
     } elseif ($request->headers->has('expect')) {
         $response = $this->pass($request, $catch);
     } else {
         $response = $this->lookup($request, $catch);
     }
     $this->restoreResponseBody($request, $response);
     $response->setDate(new \DateTime(null, new \DateTimeZone('UTC')));
     if (HttpKernelInterface::MASTER_REQUEST === $type && $this->options['debug']) {
         $response->headers->set('X-Symfony-Cache', $this->getLog());
     }
     if (null !== $this->surrogate) {
         if (HttpKernelInterface::MASTER_REQUEST === $type) {
             $this->surrogateCacheStrategy->update($response);
         } else {
             $this->surrogateCacheStrategy->add($response);
         }
     }
     $response->prepare($request);
     $response->isNotModified($request);
     return $response;
 }
Beispiel #18
0
 /**
  * {@inheritdoc}
  */
 public function prepare(Request $request)
 {
     $this->headers->set('Content-Length', $this->file->getSize());
     if (!$this->headers->has('Accept-Ranges')) {
         // Only accept ranges on safe HTTP methods
         $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
     }
     if (!$this->headers->has('Content-Type')) {
         $this->headers->set('Content-Type', $this->file->getMimeType() ?: 'application/octet-stream');
     }
     if ('HTTP/1.0' != $request->server->get('SERVER_PROTOCOL')) {
         $this->setProtocolVersion('1.1');
     }
     $this->ensureIEOverSSLCompatibility($request);
     $this->offset = 0;
     $this->maxlen = -1;
     if (self::$trustXSendfileTypeHeader && $request->headers->has('X-Sendfile-Type')) {
         // Use X-Sendfile, do not send any content.
         $type = $request->headers->get('X-Sendfile-Type');
         $path = $this->file->getRealPath();
         // Fall back to scheme://path for stream wrapped locations.
         if (false === $path) {
             $path = $this->file->getPathname();
         }
         if (strtolower($type) == 'x-accel-redirect') {
             // Do X-Accel-Mapping substitutions.
             // @link http://wiki.nginx.org/X-accel#X-Accel-Redirect
             foreach (explode(',', $request->headers->get('X-Accel-Mapping', '')) as $mapping) {
                 $mapping = explode('=', $mapping, 2);
                 if (2 == count($mapping)) {
                     $pathPrefix = trim($mapping[0]);
                     $location = trim($mapping[1]);
                     if (substr($path, 0, strlen($pathPrefix)) == $pathPrefix) {
                         $path = $location . substr($path, strlen($pathPrefix));
                         break;
                     }
                 }
             }
         }
         $this->headers->set($type, $path);
         $this->maxlen = 0;
     } elseif ($request->headers->has('Range')) {
         // Process the range headers.
         if (!$request->headers->has('If-Range') || $this->getEtag() == $request->headers->get('If-Range')) {
             $range = $request->headers->get('Range');
             $fileSize = $this->file->getSize();
             list($start, $end) = explode('-', substr($range, 6), 2) + array(0);
             $end = '' === $end ? $fileSize - 1 : (int) $end;
             if ('' === $start) {
                 $start = $fileSize - $end;
                 $end = $fileSize - 1;
             } else {
                 $start = (int) $start;
             }
             if ($start <= $end) {
                 if ($start < 0 || $end > $fileSize - 1) {
                     $this->setStatusCode(416);
                 } elseif ($start !== 0 || $end !== $fileSize - 1) {
                     $this->maxlen = $end < $fileSize ? $end - $start + 1 : -1;
                     $this->offset = $start;
                     $this->setStatusCode(206);
                     $this->headers->set('Content-Range', sprintf('bytes %s-%s/%s', $start, $end, $fileSize));
                     $this->headers->set('Content-Length', $end - $start + 1);
                 }
             }
         }
     }
     return $this;
 }
Beispiel #19
0
 /**
  * Determines the format to respond in.
  *
  * Respects the requested format if one is specified. However, it is common to
  * forget to specify a request format in case of a POST or PATCH. Rather than
  * simply throwing an error, we apply the robustness principle: when POSTing
  * or PATCHing using a certain format, you probably expect a response in that
  * same format.
  *
  * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
  *   The current route match.
  * @param \Symfony\Component\HttpFoundation\Request $request
  *   The current request.
  *
  * @return string
  *   The response format.
  */
 protected function getResponseFormat(RouteMatchInterface $route_match, Request $request)
 {
     $route = $route_match->getRouteObject();
     $acceptable_request_formats = $route->hasRequirement('_format') ? explode('|', $route->getRequirement('_format')) : [];
     $acceptable_content_type_formats = $route->hasRequirement('_content_type_format') ? explode('|', $route->getRequirement('_content_type_format')) : [];
     $acceptable_formats = $request->isMethodSafe() ? $acceptable_request_formats : $acceptable_content_type_formats;
     $requested_format = $request->getRequestFormat();
     $content_type_format = $request->getContentType();
     // If an acceptable format is requested, then use that. Otherwise, including
     // and particularly when the client forgot to specify a format, then use
     // heuristics to select the format that is most likely expected.
     if (in_array($requested_format, $acceptable_formats)) {
         return $requested_format;
     } elseif (!empty($request->getContent()) && in_array($content_type_format, $acceptable_content_type_formats)) {
         return $content_type_format;
     } elseif (!empty($acceptable_formats)) {
         return $acceptable_formats[0];
     } else {
         return NULL;
     }
 }