It works if your JavaScript library sets an X-Requested-With HTTP header.
It is known to work with common JavaScript frameworks:
| public static isXmlHttpRequest ( ) : boolean | ||
| return | boolean | true if the request is an XMLHttpRequest, false otherwise |
public function sendEmailAction(Request $request)
{
if ($request->isXmlHttpRequest()) {
$data = array();
$response = new \Symfony\Component\HttpFoundation\JsonResponse();
$username = $request->request->get('username');
/** @var $user UserInterface */
$user = $this->container->get('fos_user.user_manager')->findUserByUsernameOrEmail($username);
if (null === $user) {
$data['message'] = $this->trans('resetting.request.invalid_username', array('%username%' => $username));
$response->setData($data)->setStatusCode(400);
return $response;
}
if ($user->isPasswordRequestNonExpired($this->container->getParameter('fos_user.resetting.token_ttl'))) {
$data['message'] = $this->trans('resetting.password_already_requested', array());
$response->setData($data)->setStatusCode(400);
return $response;
}
if (null === $user->getConfirmationToken()) {
/** @var $tokenGenerator \FOS\UserBundle\Util\TokenGeneratorInterface */
$tokenGenerator = $this->container->get('fos_user.util.token_generator');
$user->setConfirmationToken($tokenGenerator->generateToken());
}
$this->container->get('fos_user.mailer')->sendResettingEmailMessage($user);
$user->setPasswordRequestedAt(new \DateTime());
$this->container->get('fos_user.user_manager')->updateUser($user);
$data['message'] = $this->trans('resetting.check_email', array('%email%' => $username));
$response->setData($data);
return $response;
} else {
return parent::sendEmailAction($request);
}
}
public function supprimerAction(Request $request, Categories $categories)
{
$this->denyAccessUnlessGranted('ROLE_MODERATEUR', null, 'Vous n\'avez pas les droits nécessaires');
if (!$request->isXmlHttpRequest()) {
throw new \Exception('Cette resource n\'est pas accessible');
}
return $this->render('SffLiensBundle:Categories:supprimer.html.twig', array('categorie' => $categories));
}
/**
* @param Request $request
*
* @return Response
*/
public function searchAction(Request $req)
{
$typeFilter = $req->get('type');
$tagsFilter = $req->get('tags');
if ($req->has('q') || $typeFilter || $tagsFilter) {
$solarium = new SolariumClient('localhost:8080');
$select = $solarium->createSelect();
// filter by type
if ($typeFilter) {
$filterQueryTerm = sprintf('type:%s', $select->getHelper()->escapeTerm($typeFilter));
$filterQuery = $select->createFilterQuery('type')->setQuery($filterQueryTerm);
$select->addFilterQuery($filterQuery);
}
// filter by tags
if ($tagsFilter) {
$tags = array();
foreach ((array) $tagsFilter as $tag) {
$tags[] = $select->getHelper()->escapeTerm($tag);
}
$filterQueryTerm = sprintf('tags:(%s)', implode(' AND ', $tags));
$filterQuery = $select->createFilterQuery('tags')->setQuery($filterQueryTerm);
$select->addFilterQuery($filterQuery);
}
if ($req->has('q')) {
$escapedQuery = $select->getHelper()->escapeTerm($req->get('q'));
$select->setQuery($escapedQuery);
}
$paginator = new Pagerfanta(new SolariumAdapter($solarium, $select));
$paginator->setMaxPerPage(15);
$paginator->setCurrentPage($req->get('page', 1), false, true);
if ($req->isXmlHttpRequest()) {
try {
return $this->render('ProductBundle:Search:list.html.twig', array('products' => $paginator->getResults(), 'noLayout' => true));
} catch (\Twig_Error_Runtime $e) {
if (!$e->getPrevious() instanceof \Solarium_Client_HttpException) {
throw $e;
}
return new JsonResponse(array('status' => 'error', 'message' => 'Could not connect to the search server'), 500);
}
} else {
return $this->render('ProductBundle:Search:search.html.twig', array('products' => $paginator->getResults()));
}
}
return $this->render('ProductBundle:Search:search.html.twig', array('noLayout' => $req->isXmlHttpRequest()));
}
public function testGet()
{
$req = new Request();
$_GET['test'] = 1;
$this->assertEquals($_GET['test'], $req->test);
$this->assertTrue(isset($req->test));
$this->assertFalse($req->isPost());
$this->assertFalse($req->isXmlHttpRequest());
}
/**
* This is called when an interactive authentication attempt fails. This is
* called by authentication listeners inheriting from
* AbstractAuthenticationListener.
*
* @param Request $request
* @param AuthenticationException $exception
* @return Response the response to return
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
{
if ($request->isXmlHttpRequest()) {
$result = array('success' => false, 'message' => $exception->getMessage());
$response = new Response(json_encode($result));
$response->headers->set('Content-Type', 'application/json');
return $response;
} else {
echo "Not allowed";
}
}
public function testIsXmlHttpRequest()
{
$this->assertThat($this->object->isXmlHttpRequest(), $this->equalTo(false));
$request = new Request(array(), array(), array(), array('HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'));
$this->assertThat($request->isXmlHttpRequest(), $this->equalTo(true));
}
public function testDetectsXhrFromPost()
{
$req = new Request([], ['X-Requested-With' => 'XMLHttpRequest']);
$this->assertTrue($req->isXmlHttpRequest());
}