SecuredRedirectResponse.php
Same filename in other branches
Namespace
Drupal\Component\HttpFoundationFile
-
core/
lib/ Drupal/ Component/ HttpFoundation/ SecuredRedirectResponse.php
View source
<?php
namespace Drupal\Component\HttpFoundation;
use Symfony\Component\HttpFoundation\RedirectResponse;
/**
* Provides a common base class for safe redirects.
*
* In case you want to redirect to external URLs use
* TrustedRedirectResponse.
*
* For local URLs we use LocalRedirectResponse which opts
* out of external redirects.
*/
abstract class SecuredRedirectResponse extends RedirectResponse {
/**
* Copies an existing redirect response into a safe one.
*
* The safe one cannot accidentally redirect to an external URL, unless
* actively wanted (see TrustedRedirectResponse).
*
* @param \Symfony\Component\HttpFoundation\RedirectResponse $response
* The original redirect.
*
* @return static
*/
public static function createFromRedirectResponse(RedirectResponse $response) {
$safe_response = new static($response->getTargetUrl(), $response->getStatusCode(), $response->headers
->allPreserveCase());
$safe_response->fromResponse($response);
return $safe_response;
}
/**
* Copies over the values from the given response.
*
* @param \Symfony\Component\HttpFoundation\RedirectResponse $response
* The redirect response object.
*/
protected function fromResponse(RedirectResponse $response) {
$this->setProtocolVersion($response->getProtocolVersion());
if ($response->getCharset()) {
$this->setCharset($response->getCharset());
}
// Cookies are separate from other headers and have to be copied over
// directly.
foreach ($response->headers
->getCookies() as $cookie) {
$this->headers
->setCookie($cookie);
}
}
/**
* {@inheritdoc}
*/
public function setTargetUrl($url) {
if (!$this->isSafe($url)) {
throw new \InvalidArgumentException(sprintf('It is not safe to redirect to %s', $url));
}
return parent::setTargetUrl($url);
}
/**
* Returns whether the URL is considered as safe to redirect to.
*
* @param string $url
* The URL checked for safety.
*
* @return bool
*/
protected abstract function isSafe($url);
}
Classes
Title | Deprecated | Summary |
---|---|---|
SecuredRedirectResponse | Provides a common base class for safe redirects. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.