class SecuredRedirectResponse
Same name in other branches
- 8.9.x core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php \Drupal\Component\HttpFoundation\SecuredRedirectResponse
- 10 core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php \Drupal\Component\HttpFoundation\SecuredRedirectResponse
- 11.x core/lib/Drupal/Component/HttpFoundation/SecuredRedirectResponse.php \Drupal\Component\HttpFoundation\SecuredRedirectResponse
Provides a common base class for safe redirects.
In case you want to redirect to external URLs use TrustedRedirectResponse.
For local URLs we use LocalRedirectResponse which opts out of external redirects.
Hierarchy
- class \Drupal\Component\HttpFoundation\SecuredRedirectResponse extends \Symfony\Component\HttpFoundation\RedirectResponse
Expanded class hierarchy of SecuredRedirectResponse
3 files declare their use of SecuredRedirectResponse
- CacheableSecuredRedirectResponse.php in core/
lib/ Drupal/ Core/ Routing/ CacheableSecuredRedirectResponse.php - RedirectResponseSubscriber.php in core/
lib/ Drupal/ Core/ EventSubscriber/ RedirectResponseSubscriber.php - SecuredRedirectResponseTest.php in core/
tests/ Drupal/ Tests/ Component/ HttpFoundation/ SecuredRedirectResponseTest.php - Contains \Drupal\Tests\Component\HttpFoundation\SecuredRedirectResponseTest.
File
-
core/
lib/ Drupal/ Component/ HttpFoundation/ SecuredRedirectResponse.php, line 16
Namespace
Drupal\Component\HttpFoundationView source
abstract class SecuredRedirectResponse extends RedirectResponse {
/**
* Copies an existing redirect response into a safe one.
*
* The safe one cannot accidentally redirect to an external URL, unless
* actively wanted (see TrustedRedirectResponse).
*
* @param \Symfony\Component\HttpFoundation\RedirectResponse $response
* The original redirect.
*
* @return static
*/
public static function createFromRedirectResponse(RedirectResponse $response) {
$safe_response = new static($response->getTargetUrl(), $response->getStatusCode(), $response->headers
->allPreserveCase());
$safe_response->fromResponse($response);
return $safe_response;
}
/**
* Copies over the values from the given response.
*
* @param \Symfony\Component\HttpFoundation\RedirectResponse $response
* The redirect response object.
*/
protected function fromResponse(RedirectResponse $response) {
$this->setProtocolVersion($response->getProtocolVersion());
if ($response->getCharset()) {
$this->setCharset($response->getCharset());
}
// Cookies are separate from other headers and have to be copied over
// directly.
foreach ($response->headers
->getCookies() as $cookie) {
$this->headers
->setCookie($cookie);
}
}
/**
* {@inheritdoc}
*/
public function setTargetUrl($url) {
if (!$this->isSafe($url)) {
throw new \InvalidArgumentException(sprintf('It is not safe to redirect to %s', $url));
}
return parent::setTargetUrl($url);
}
/**
* Returns whether the URL is considered as safe to redirect to.
*
* @param string $url
* The URL checked for safety.
*
* @return bool
*/
protected abstract function isSafe($url);
}
Members
Title Sort descending | Modifiers | Object type | Summary | Overrides |
---|---|---|---|---|
SecuredRedirectResponse::createFromRedirectResponse | public static | function | Copies an existing redirect response into a safe one. | |
SecuredRedirectResponse::fromResponse | protected | function | Copies over the values from the given response. | 1 |
SecuredRedirectResponse::isSafe | abstract protected | function | Returns whether the URL is considered as safe to redirect to. | 2 |
SecuredRedirectResponse::setTargetUrl | public | function |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.