/** * Look at safe requests and handle refresh requests. * * Ignore refresh to let normal lookup happen when the request comes from * a non-authorized client. * * @param CacheEvent $event */ public function handleRefresh(CacheEvent $event) { $request = $event->getRequest(); if (!$request->isMethodSafe() || !$request->isNoCache() || !$this->isRequestAllowed($request)) { return; } $event->setResponse($event->getKernel()->fetch($request)); }
/** * Look at the request before it is handled by the kernel. * * Adds the user hash header to the request. * * Checks if an external request tries tampering with the use context hash mechanism * to prevent attacks. * * @param CacheEvent $event */ public function preHandle(CacheEvent $event) { $request = $event->getRequest(); if (!$this->isInternalRequest($request)) { // Prevent tampering attacks on the hash mechanism if ($request->headers->get('accept') === $this->options['user_hash_accept_header'] || $request->headers->get($this->options['user_hash_header']) !== null) { $event->setResponse(new Response('', 400)); return; } if ($request->isMethodSafe()) { $request->headers->set($this->options['user_hash_header'], $this->getUserHash($event->getKernel(), $request)); } } // let the kernel handle this request. }
/** * Look at unsafe requests and handle purge requests. * * Prevents access when the request comes from a non-authorized client. * * @param CacheEvent $event */ public function handlePurge(CacheEvent $event) { $request = $event->getRequest(); if ($this->options['purge_method'] !== $request->getMethod()) { return; } if (!$this->isRequestAllowed($request)) { $event->setResponse(new Response('', 400)); return; } $response = new Response(); if ($event->getKernel()->getStore()->purge($request->getUri())) { $response->setStatusCode(200, 'Purged'); } else { $response->setStatusCode(200, 'Not found'); } $event->setResponse($response); }
public function preInvalidate(CacheEvent $event) { $this->test->assertSame($this->kernel, $event->getKernel()); $this->test->assertSame($this->request, $event->getRequest()); if ($this->preInvalidateResponse) { $event->setResponse($this->preInvalidateResponse); } ++$this->preInvalidateCalls; }