Response.php 37 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  10. namespace Symfony\Component\HttpFoundation;
  11. // Help opcache.preload discover always-needed symbols
  12. class_exists(ResponseHeaderBag::class);
  13. /**
  14. * Response represents an HTTP response.
  15. *
  16. * @author Fabien Potencier <fabien@symfony.com>
  17. */
  18. class Response
  19. {
  20. public const HTTP_CONTINUE = 100;
  21. public const HTTP_SWITCHING_PROTOCOLS = 101;
  22. public const HTTP_PROCESSING = 102; // RFC2518
  23. public const HTTP_EARLY_HINTS = 103; // RFC8297
  24. public const HTTP_OK = 200;
  25. public const HTTP_CREATED = 201;
  26. public const HTTP_ACCEPTED = 202;
  27. public const HTTP_NON_AUTHORITATIVE_INFORMATION = 203;
  28. public const HTTP_NO_CONTENT = 204;
  29. public const HTTP_RESET_CONTENT = 205;
  30. public const HTTP_PARTIAL_CONTENT = 206;
  31. public const HTTP_MULTI_STATUS = 207; // RFC4918
  32. public const HTTP_ALREADY_REPORTED = 208; // RFC5842
  33. public const HTTP_IM_USED = 226; // RFC3229
  34. public const HTTP_MULTIPLE_CHOICES = 300;
  35. public const HTTP_MOVED_PERMANENTLY = 301;
  36. public const HTTP_FOUND = 302;
  37. public const HTTP_SEE_OTHER = 303;
  38. public const HTTP_NOT_MODIFIED = 304;
  39. public const HTTP_USE_PROXY = 305;
  40. public const HTTP_RESERVED = 306;
  41. public const HTTP_TEMPORARY_REDIRECT = 307;
  42. public const HTTP_PERMANENTLY_REDIRECT = 308; // RFC7238
  43. public const HTTP_BAD_REQUEST = 400;
  44. public const HTTP_UNAUTHORIZED = 401;
  45. public const HTTP_PAYMENT_REQUIRED = 402;
  46. public const HTTP_FORBIDDEN = 403;
  47. public const HTTP_NOT_FOUND = 404;
  48. public const HTTP_METHOD_NOT_ALLOWED = 405;
  49. public const HTTP_NOT_ACCEPTABLE = 406;
  50. public const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407;
  51. public const HTTP_REQUEST_TIMEOUT = 408;
  52. public const HTTP_CONFLICT = 409;
  53. public const HTTP_GONE = 410;
  54. public const HTTP_LENGTH_REQUIRED = 411;
  55. public const HTTP_PRECONDITION_FAILED = 412;
  56. public const HTTP_REQUEST_ENTITY_TOO_LARGE = 413;
  57. public const HTTP_REQUEST_URI_TOO_LONG = 414;
  58. public const HTTP_UNSUPPORTED_MEDIA_TYPE = 415;
  59. public const HTTP_REQUESTED_RANGE_NOT_SATISFIABLE = 416;
  60. public const HTTP_EXPECTATION_FAILED = 417;
  61. public const HTTP_I_AM_A_TEAPOT = 418; // RFC2324
  62. public const HTTP_MISDIRECTED_REQUEST = 421; // RFC7540
  63. public const HTTP_UNPROCESSABLE_ENTITY = 422; // RFC4918
  64. public const HTTP_LOCKED = 423; // RFC4918
  65. public const HTTP_FAILED_DEPENDENCY = 424; // RFC4918
  66. public const HTTP_TOO_EARLY = 425; // RFC-ietf-httpbis-replay-04
  67. public const HTTP_UPGRADE_REQUIRED = 426; // RFC2817
  68. public const HTTP_PRECONDITION_REQUIRED = 428; // RFC6585
  69. public const HTTP_TOO_MANY_REQUESTS = 429; // RFC6585
  70. public const HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE = 431; // RFC6585
  71. public const HTTP_UNAVAILABLE_FOR_LEGAL_REASONS = 451; // RFC7725
  72. public const HTTP_INTERNAL_SERVER_ERROR = 500;
  73. public const HTTP_NOT_IMPLEMENTED = 501;
  74. public const HTTP_BAD_GATEWAY = 502;
  75. public const HTTP_SERVICE_UNAVAILABLE = 503;
  76. public const HTTP_GATEWAY_TIMEOUT = 504;
  77. public const HTTP_VERSION_NOT_SUPPORTED = 505;
  78. public const HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL = 506; // RFC2295
  79. public const HTTP_INSUFFICIENT_STORAGE = 507; // RFC4918
  80. public const HTTP_LOOP_DETECTED = 508; // RFC5842
  81. public const HTTP_NOT_EXTENDED = 510; // RFC2774
  82. public const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511; // RFC6585
  83. /**
  84. * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
  85. */
  86. private const HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES = [
  87. 'must_revalidate' => false,
  88. 'no_cache' => false,
  89. 'no_store' => false,
  90. 'no_transform' => false,
  91. 'public' => false,
  92. 'private' => false,
  93. 'proxy_revalidate' => false,
  94. 'max_age' => true,
  95. 's_maxage' => true,
  96. 'immutable' => false,
  97. 'last_modified' => true,
  98. 'etag' => true,
  99. ];
  100. /**
  101. * @var ResponseHeaderBag
  102. */
  103. public $headers;
  104. /**
  105. * @var string
  106. */
  107. protected $content;
  108. /**
  109. * @var string
  110. */
  111. protected $version;
  112. /**
  113. * @var int
  114. */
  115. protected $statusCode;
  116. /**
  117. * @var string
  118. */
  119. protected $statusText;
  120. /**
  121. * @var string
  122. */
  123. protected $charset;
  124. /**
  125. * Status codes translation table.
  126. *
  127. * The list of codes is complete according to the
  128. * {@link https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml Hypertext Transfer Protocol (HTTP) Status Code Registry}
  129. * (last updated 2021-10-01).
  130. *
  131. * Unless otherwise noted, the status code is defined in RFC2616.
  132. *
  133. * @var array
  134. */
  135. public static $statusTexts = [
  136. 100 => 'Continue',
  137. 101 => 'Switching Protocols',
  138. 102 => 'Processing', // RFC2518
  139. 103 => 'Early Hints',
  140. 200 => 'OK',
  141. 201 => 'Created',
  142. 202 => 'Accepted',
  143. 203 => 'Non-Authoritative Information',
  144. 204 => 'No Content',
  145. 205 => 'Reset Content',
  146. 206 => 'Partial Content',
  147. 207 => 'Multi-Status', // RFC4918
  148. 208 => 'Already Reported', // RFC5842
  149. 226 => 'IM Used', // RFC3229
  150. 300 => 'Multiple Choices',
  151. 301 => 'Moved Permanently',
  152. 302 => 'Found',
  153. 303 => 'See Other',
  154. 304 => 'Not Modified',
  155. 305 => 'Use Proxy',
  156. 307 => 'Temporary Redirect',
  157. 308 => 'Permanent Redirect', // RFC7238
  158. 400 => 'Bad Request',
  159. 401 => 'Unauthorized',
  160. 402 => 'Payment Required',
  161. 403 => 'Forbidden',
  162. 404 => 'Not Found',
  163. 405 => 'Method Not Allowed',
  164. 406 => 'Not Acceptable',
  165. 407 => 'Proxy Authentication Required',
  166. 408 => 'Request Timeout',
  167. 409 => 'Conflict',
  168. 410 => 'Gone',
  169. 411 => 'Length Required',
  170. 412 => 'Precondition Failed',
  171. 413 => 'Content Too Large', // RFC-ietf-httpbis-semantics
  172. 414 => 'URI Too Long',
  173. 415 => 'Unsupported Media Type',
  174. 416 => 'Range Not Satisfiable',
  175. 417 => 'Expectation Failed',
  176. 418 => 'I\'m a teapot', // RFC2324
  177. 421 => 'Misdirected Request', // RFC7540
  178. 422 => 'Unprocessable Content', // RFC-ietf-httpbis-semantics
  179. 423 => 'Locked', // RFC4918
  180. 424 => 'Failed Dependency', // RFC4918
  181. 425 => 'Too Early', // RFC-ietf-httpbis-replay-04
  182. 426 => 'Upgrade Required', // RFC2817
  183. 428 => 'Precondition Required', // RFC6585
  184. 429 => 'Too Many Requests', // RFC6585
  185. 431 => 'Request Header Fields Too Large', // RFC6585
  186. 451 => 'Unavailable For Legal Reasons', // RFC7725
  187. 500 => 'Internal Server Error',
  188. 501 => 'Not Implemented',
  189. 502 => 'Bad Gateway',
  190. 503 => 'Service Unavailable',
  191. 504 => 'Gateway Timeout',
  192. 505 => 'HTTP Version Not Supported',
  193. 506 => 'Variant Also Negotiates', // RFC2295
  194. 507 => 'Insufficient Storage', // RFC4918
  195. 508 => 'Loop Detected', // RFC5842
  196. 510 => 'Not Extended', // RFC2774
  197. 511 => 'Network Authentication Required', // RFC6585
  198. ];
  199. /**
  200. * @throws \InvalidArgumentException When the HTTP status code is not valid
  201. */
  202. public function __construct(?string $content = '', int $status = 200, array $headers = [])
  203. {
  204. $this->headers = new ResponseHeaderBag($headers);
  205. $this->setContent($content);
  206. $this->setStatusCode($status);
  207. $this->setProtocolVersion('1.0');
  208. }
  209. /**
  210. * Factory method for chainability.
  211. *
  212. * Example:
  213. *
  214. * return Response::create($body, 200)
  215. * ->setSharedMaxAge(300);
  216. *
  217. * @return static
  218. *
  219. * @deprecated since Symfony 5.1, use __construct() instead.
  220. */
  221. public static function create(?string $content = '', int $status = 200, array $headers = [])
  222. {
  223. trigger_deprecation('symfony/http-foundation', '5.1', 'The "%s()" method is deprecated, use "new %s()" instead.', __METHOD__, static::class);
  224. return new static($content, $status, $headers);
  225. }
  226. /**
  227. * Returns the Response as an HTTP string.
  228. *
  229. * The string representation of the Response is the same as the
  230. * one that will be sent to the client only if the prepare() method
  231. * has been called before.
  232. *
  233. * @return string
  234. *
  235. * @see prepare()
  236. */
  237. public function __toString()
  238. {
  239. return
  240. sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText)."\r\n".
  241. $this->headers."\r\n".
  242. $this->getContent();
  243. }
  244. /**
  245. * Clones the current Response instance.
  246. */
  247. public function __clone()
  248. {
  249. $this->headers = clone $this->headers;
  250. }
  251. /**
  252. * Prepares the Response before it is sent to the client.
  253. *
  254. * This method tweaks the Response to ensure that it is
  255. * compliant with RFC 2616. Most of the changes are based on
  256. * the Request that is "associated" with this Response.
  257. *
  258. * @return $this
  259. */
  260. public function prepare(Request $request)
  261. {
  262. $headers = $this->headers;
  263. if ($this->isInformational() || $this->isEmpty()) {
  264. $this->setContent(null);
  265. $headers->remove('Content-Type');
  266. $headers->remove('Content-Length');
  267. // prevent PHP from sending the Content-Type header based on default_mimetype
  268. ini_set('default_mimetype', '');
  269. } else {
  270. // Content-type based on the Request
  271. if (!$headers->has('Content-Type')) {
  272. $format = $request->getRequestFormat(null);
  273. if (null !== $format && $mimeType = $request->getMimeType($format)) {
  274. $headers->set('Content-Type', $mimeType);
  275. }
  276. }
  277. // Fix Content-Type
  278. $charset = $this->charset ?: 'UTF-8';
  279. if (!$headers->has('Content-Type')) {
  280. $headers->set('Content-Type', 'text/html; charset='.$charset);
  281. } elseif (0 === stripos($headers->get('Content-Type') ?? '', 'text/') && false === stripos($headers->get('Content-Type') ?? '', 'charset')) {
  282. // add the charset
  283. $headers->set('Content-Type', $headers->get('Content-Type').'; charset='.$charset);
  284. }
  285. // Fix Content-Length
  286. if ($headers->has('Transfer-Encoding')) {
  287. $headers->remove('Content-Length');
  288. }
  289. if ($request->isMethod('HEAD')) {
  290. // cf. RFC2616 14.13
  291. $length = $headers->get('Content-Length');
  292. $this->setContent(null);
  293. if ($length) {
  294. $headers->set('Content-Length', $length);
  295. }
  296. }
  297. }
  298. // Fix protocol
  299. if ('HTTP/1.0' != $request->server->get('SERVER_PROTOCOL')) {
  300. $this->setProtocolVersion('1.1');
  301. }
  302. // Check if we need to send extra expire info headers
  303. if ('1.0' == $this->getProtocolVersion() && str_contains($headers->get('Cache-Control', ''), 'no-cache')) {
  304. $headers->set('pragma', 'no-cache');
  305. $headers->set('expires', -1);
  306. }
  307. $this->ensureIEOverSSLCompatibility($request);
  308. if ($request->isSecure()) {
  309. foreach ($headers->getCookies() as $cookie) {
  310. $cookie->setSecureDefault(true);
  311. }
  312. }
  313. return $this;
  314. }
  315. /**
  316. * Sends HTTP headers.
  317. *
  318. * @return $this
  319. */
  320. public function sendHeaders()
  321. {
  322. // headers have already been sent by the developer
  323. if (headers_sent()) {
  324. return $this;
  325. }
  326. // headers
  327. foreach ($this->headers->allPreserveCaseWithoutCookies() as $name => $values) {
  328. $replace = 0 === strcasecmp($name, 'Content-Type');
  329. foreach ($values as $value) {
  330. header($name.': '.$value, $replace, $this->statusCode);
  331. }
  332. }
  333. // cookies
  334. foreach ($this->headers->getCookies() as $cookie) {
  335. header('Set-Cookie: '.$cookie, false, $this->statusCode);
  336. }
  337. // status
  338. header(sprintf('HTTP/%s %s %s', $this->version, $this->statusCode, $this->statusText), true, $this->statusCode);
  339. return $this;
  340. }
  341. /**
  342. * Sends content for the current web response.
  343. *
  344. * @return $this
  345. */
  346. public function sendContent()
  347. {
  348. echo $this->content;
  349. return $this;
  350. }
  351. /**
  352. * Sends HTTP headers and content.
  353. *
  354. * @return $this
  355. */
  356. public function send()
  357. {
  358. $this->sendHeaders();
  359. $this->sendContent();
  360. if (\function_exists('fastcgi_finish_request')) {
  361. fastcgi_finish_request();
  362. } elseif (\function_exists('litespeed_finish_request')) {
  363. litespeed_finish_request();
  364. } elseif (!\in_array(\PHP_SAPI, ['cli', 'phpdbg'], true)) {
  365. static::closeOutputBuffers(0, true);
  366. flush();
  367. }
  368. return $this;
  369. }
  370. /**
  371. * Sets the response content.
  372. *
  373. * @return $this
  374. */
  375. public function setContent(?string $content)
  376. {
  377. $this->content = $content ?? '';
  378. return $this;
  379. }
  380. /**
  381. * Gets the current response content.
  382. *
  383. * @return string|false
  384. */
  385. public function getContent()
  386. {
  387. return $this->content;
  388. }
  389. /**
  390. * Sets the HTTP protocol version (1.0 or 1.1).
  391. *
  392. * @return $this
  393. *
  394. * @final
  395. */
  396. public function setProtocolVersion(string $version): object
  397. {
  398. $this->version = $version;
  399. return $this;
  400. }
  401. /**
  402. * Gets the HTTP protocol version.
  403. *
  404. * @final
  405. */
  406. public function getProtocolVersion(): string
  407. {
  408. return $this->version;
  409. }
  410. /**
  411. * Sets the response status code.
  412. *
  413. * If the status text is null it will be automatically populated for the known
  414. * status codes and left empty otherwise.
  415. *
  416. * @return $this
  417. *
  418. * @throws \InvalidArgumentException When the HTTP status code is not valid
  419. *
  420. * @final
  421. */
  422. public function setStatusCode(int $code, ?string $text = null): object
  423. {
  424. $this->statusCode = $code;
  425. if ($this->isInvalid()) {
  426. throw new \InvalidArgumentException(sprintf('The HTTP status code "%s" is not valid.', $code));
  427. }
  428. if (null === $text) {
  429. $this->statusText = self::$statusTexts[$code] ?? 'unknown status';
  430. return $this;
  431. }
  432. if (false === $text) {
  433. $this->statusText = '';
  434. return $this;
  435. }
  436. $this->statusText = $text;
  437. return $this;
  438. }
  439. /**
  440. * Retrieves the status code for the current web response.
  441. *
  442. * @final
  443. */
  444. public function getStatusCode(): int
  445. {
  446. return $this->statusCode;
  447. }
  448. /**
  449. * Sets the response charset.
  450. *
  451. * @return $this
  452. *
  453. * @final
  454. */
  455. public function setCharset(string $charset): object
  456. {
  457. $this->charset = $charset;
  458. return $this;
  459. }
  460. /**
  461. * Retrieves the response charset.
  462. *
  463. * @final
  464. */
  465. public function getCharset(): ?string
  466. {
  467. return $this->charset;
  468. }
  469. /**
  470. * Returns true if the response may safely be kept in a shared (surrogate) cache.
  471. *
  472. * Responses marked "private" with an explicit Cache-Control directive are
  473. * considered uncacheable.
  474. *
  475. * Responses with neither a freshness lifetime (Expires, max-age) nor cache
  476. * validator (Last-Modified, ETag) are considered uncacheable because there is
  477. * no way to tell when or how to remove them from the cache.
  478. *
  479. * Note that RFC 7231 and RFC 7234 possibly allow for a more permissive implementation,
  480. * for example "status codes that are defined as cacheable by default [...]
  481. * can be reused by a cache with heuristic expiration unless otherwise indicated"
  482. * (https://tools.ietf.org/html/rfc7231#section-6.1)
  483. *
  484. * @final
  485. */
  486. public function isCacheable(): bool
  487. {
  488. if (!\in_array($this->statusCode, [200, 203, 300, 301, 302, 404, 410])) {
  489. return false;
  490. }
  491. if ($this->headers->hasCacheControlDirective('no-store') || $this->headers->getCacheControlDirective('private')) {
  492. return false;
  493. }
  494. return $this->isValidateable() || $this->isFresh();
  495. }
  496. /**
  497. * Returns true if the response is "fresh".
  498. *
  499. * Fresh responses may be served from cache without any interaction with the
  500. * origin. A response is considered fresh when it includes a Cache-Control/max-age
  501. * indicator or Expires header and the calculated age is less than the freshness lifetime.
  502. *
  503. * @final
  504. */
  505. public function isFresh(): bool
  506. {
  507. return $this->getTtl() > 0;
  508. }
  509. /**
  510. * Returns true if the response includes headers that can be used to validate
  511. * the response with the origin server using a conditional GET request.
  512. *
  513. * @final
  514. */
  515. public function isValidateable(): bool
  516. {
  517. return $this->headers->has('Last-Modified') || $this->headers->has('ETag');
  518. }
  519. /**
  520. * Marks the response as "private".
  521. *
  522. * It makes the response ineligible for serving other clients.
  523. *
  524. * @return $this
  525. *
  526. * @final
  527. */
  528. public function setPrivate(): object
  529. {
  530. $this->headers->removeCacheControlDirective('public');
  531. $this->headers->addCacheControlDirective('private');
  532. return $this;
  533. }
  534. /**
  535. * Marks the response as "public".
  536. *
  537. * It makes the response eligible for serving other clients.
  538. *
  539. * @return $this
  540. *
  541. * @final
  542. */
  543. public function setPublic(): object
  544. {
  545. $this->headers->addCacheControlDirective('public');
  546. $this->headers->removeCacheControlDirective('private');
  547. return $this;
  548. }
  549. /**
  550. * Marks the response as "immutable".
  551. *
  552. * @return $this
  553. *
  554. * @final
  555. */
  556. public function setImmutable(bool $immutable = true): object
  557. {
  558. if ($immutable) {
  559. $this->headers->addCacheControlDirective('immutable');
  560. } else {
  561. $this->headers->removeCacheControlDirective('immutable');
  562. }
  563. return $this;
  564. }
  565. /**
  566. * Returns true if the response is marked as "immutable".
  567. *
  568. * @final
  569. */
  570. public function isImmutable(): bool
  571. {
  572. return $this->headers->hasCacheControlDirective('immutable');
  573. }
  574. /**
  575. * Returns true if the response must be revalidated by shared caches once it has become stale.
  576. *
  577. * This method indicates that the response must not be served stale by a
  578. * cache in any circumstance without first revalidating with the origin.
  579. * When present, the TTL of the response should not be overridden to be
  580. * greater than the value provided by the origin.
  581. *
  582. * @final
  583. */
  584. public function mustRevalidate(): bool
  585. {
  586. return $this->headers->hasCacheControlDirective('must-revalidate') || $this->headers->hasCacheControlDirective('proxy-revalidate');
  587. }
  588. /**
  589. * Returns the Date header as a DateTime instance.
  590. *
  591. * @throws \RuntimeException When the header is not parseable
  592. *
  593. * @final
  594. */
  595. public function getDate(): ?\DateTimeInterface
  596. {
  597. return $this->headers->getDate('Date');
  598. }
  599. /**
  600. * Sets the Date header.
  601. *
  602. * @return $this
  603. *
  604. * @final
  605. */
  606. public function setDate(\DateTimeInterface $date): object
  607. {
  608. if ($date instanceof \DateTime) {
  609. $date = \DateTimeImmutable::createFromMutable($date);
  610. }
  611. $date = $date->setTimezone(new \DateTimeZone('UTC'));
  612. $this->headers->set('Date', $date->format('D, d M Y H:i:s').' GMT');
  613. return $this;
  614. }
  615. /**
  616. * Returns the age of the response in seconds.
  617. *
  618. * @final
  619. */
  620. public function getAge(): int
  621. {
  622. if (null !== $age = $this->headers->get('Age')) {
  623. return (int) $age;
  624. }
  625. return max(time() - (int) $this->getDate()->format('U'), 0);
  626. }
  627. /**
  628. * Marks the response stale by setting the Age header to be equal to the maximum age of the response.
  629. *
  630. * @return $this
  631. */
  632. public function expire()
  633. {
  634. if ($this->isFresh()) {
  635. $this->headers->set('Age', $this->getMaxAge());
  636. $this->headers->remove('Expires');
  637. }
  638. return $this;
  639. }
  640. /**
  641. * Returns the value of the Expires header as a DateTime instance.
  642. *
  643. * @final
  644. */
  645. public function getExpires(): ?\DateTimeInterface
  646. {
  647. try {
  648. return $this->headers->getDate('Expires');
  649. } catch (\RuntimeException $e) {
  650. // according to RFC 2616 invalid date formats (e.g. "0" and "-1") must be treated as in the past
  651. return \DateTime::createFromFormat('U', time() - 172800);
  652. }
  653. }
  654. /**
  655. * Sets the Expires HTTP header with a DateTime instance.
  656. *
  657. * Passing null as value will remove the header.
  658. *
  659. * @return $this
  660. *
  661. * @final
  662. */
  663. public function setExpires(?\DateTimeInterface $date = null): object
  664. {
  665. if (null === $date) {
  666. $this->headers->remove('Expires');
  667. return $this;
  668. }
  669. if ($date instanceof \DateTime) {
  670. $date = \DateTimeImmutable::createFromMutable($date);
  671. }
  672. $date = $date->setTimezone(new \DateTimeZone('UTC'));
  673. $this->headers->set('Expires', $date->format('D, d M Y H:i:s').' GMT');
  674. return $this;
  675. }
  676. /**
  677. * Returns the number of seconds after the time specified in the response's Date
  678. * header when the response should no longer be considered fresh.
  679. *
  680. * First, it checks for a s-maxage directive, then a max-age directive, and then it falls
  681. * back on an expires header. It returns null when no maximum age can be established.
  682. *
  683. * @final
  684. */
  685. public function getMaxAge(): ?int
  686. {
  687. if ($this->headers->hasCacheControlDirective('s-maxage')) {
  688. return (int) $this->headers->getCacheControlDirective('s-maxage');
  689. }
  690. if ($this->headers->hasCacheControlDirective('max-age')) {
  691. return (int) $this->headers->getCacheControlDirective('max-age');
  692. }
  693. if (null !== $expires = $this->getExpires()) {
  694. $maxAge = (int) $expires->format('U') - (int) $this->getDate()->format('U');
  695. return max($maxAge, 0);
  696. }
  697. return null;
  698. }
  699. /**
  700. * Sets the number of seconds after which the response should no longer be considered fresh.
  701. *
  702. * This methods sets the Cache-Control max-age directive.
  703. *
  704. * @return $this
  705. *
  706. * @final
  707. */
  708. public function setMaxAge(int $value): object
  709. {
  710. $this->headers->addCacheControlDirective('max-age', $value);
  711. return $this;
  712. }
  713. /**
  714. * Sets the number of seconds after which the response should no longer be considered fresh by shared caches.
  715. *
  716. * This methods sets the Cache-Control s-maxage directive.
  717. *
  718. * @return $this
  719. *
  720. * @final
  721. */
  722. public function setSharedMaxAge(int $value): object
  723. {
  724. $this->setPublic();
  725. $this->headers->addCacheControlDirective('s-maxage', $value);
  726. return $this;
  727. }
  728. /**
  729. * Returns the response's time-to-live in seconds.
  730. *
  731. * It returns null when no freshness information is present in the response.
  732. *
  733. * When the response's TTL is 0, the response may not be served from cache without first
  734. * revalidating with the origin.
  735. *
  736. * @final
  737. */
  738. public function getTtl(): ?int
  739. {
  740. $maxAge = $this->getMaxAge();
  741. return null !== $maxAge ? max($maxAge - $this->getAge(), 0) : null;
  742. }
  743. /**
  744. * Sets the response's time-to-live for shared caches in seconds.
  745. *
  746. * This method adjusts the Cache-Control/s-maxage directive.
  747. *
  748. * @return $this
  749. *
  750. * @final
  751. */
  752. public function setTtl(int $seconds): object
  753. {
  754. $this->setSharedMaxAge($this->getAge() + $seconds);
  755. return $this;
  756. }
  757. /**
  758. * Sets the response's time-to-live for private/client caches in seconds.
  759. *
  760. * This method adjusts the Cache-Control/max-age directive.
  761. *
  762. * @return $this
  763. *
  764. * @final
  765. */
  766. public function setClientTtl(int $seconds): object
  767. {
  768. $this->setMaxAge($this->getAge() + $seconds);
  769. return $this;
  770. }
  771. /**
  772. * Returns the Last-Modified HTTP header as a DateTime instance.
  773. *
  774. * @throws \RuntimeException When the HTTP header is not parseable
  775. *
  776. * @final
  777. */
  778. public function getLastModified(): ?\DateTimeInterface
  779. {
  780. return $this->headers->getDate('Last-Modified');
  781. }
  782. /**
  783. * Sets the Last-Modified HTTP header with a DateTime instance.
  784. *
  785. * Passing null as value will remove the header.
  786. *
  787. * @return $this
  788. *
  789. * @final
  790. */
  791. public function setLastModified(?\DateTimeInterface $date = null): object
  792. {
  793. if (null === $date) {
  794. $this->headers->remove('Last-Modified');
  795. return $this;
  796. }
  797. if ($date instanceof \DateTime) {
  798. $date = \DateTimeImmutable::createFromMutable($date);
  799. }
  800. $date = $date->setTimezone(new \DateTimeZone('UTC'));
  801. $this->headers->set('Last-Modified', $date->format('D, d M Y H:i:s').' GMT');
  802. return $this;
  803. }
  804. /**
  805. * Returns the literal value of the ETag HTTP header.
  806. *
  807. * @final
  808. */
  809. public function getEtag(): ?string
  810. {
  811. return $this->headers->get('ETag');
  812. }
  813. /**
  814. * Sets the ETag value.
  815. *
  816. * @param string|null $etag The ETag unique identifier or null to remove the header
  817. * @param bool $weak Whether you want a weak ETag or not
  818. *
  819. * @return $this
  820. *
  821. * @final
  822. */
  823. public function setEtag(?string $etag = null, bool $weak = false): object
  824. {
  825. if (null === $etag) {
  826. $this->headers->remove('Etag');
  827. } else {
  828. if (!str_starts_with($etag, '"')) {
  829. $etag = '"'.$etag.'"';
  830. }
  831. $this->headers->set('ETag', (true === $weak ? 'W/' : '').$etag);
  832. }
  833. return $this;
  834. }
  835. /**
  836. * Sets the response's cache headers (validation and/or expiration).
  837. *
  838. * Available options are: must_revalidate, no_cache, no_store, no_transform, public, private, proxy_revalidate, max_age, s_maxage, immutable, last_modified and etag.
  839. *
  840. * @return $this
  841. *
  842. * @throws \InvalidArgumentException
  843. *
  844. * @final
  845. */
  846. public function setCache(array $options): object
  847. {
  848. if ($diff = array_diff(array_keys($options), array_keys(self::HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES))) {
  849. throw new \InvalidArgumentException(sprintf('Response does not support the following options: "%s".', implode('", "', $diff)));
  850. }
  851. if (isset($options['etag'])) {
  852. $this->setEtag($options['etag']);
  853. }
  854. if (isset($options['last_modified'])) {
  855. $this->setLastModified($options['last_modified']);
  856. }
  857. if (isset($options['max_age'])) {
  858. $this->setMaxAge($options['max_age']);
  859. }
  860. if (isset($options['s_maxage'])) {
  861. $this->setSharedMaxAge($options['s_maxage']);
  862. }
  863. foreach (self::HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES as $directive => $hasValue) {
  864. if (!$hasValue && isset($options[$directive])) {
  865. if ($options[$directive]) {
  866. $this->headers->addCacheControlDirective(str_replace('_', '-', $directive));
  867. } else {
  868. $this->headers->removeCacheControlDirective(str_replace('_', '-', $directive));
  869. }
  870. }
  871. }
  872. if (isset($options['public'])) {
  873. if ($options['public']) {
  874. $this->setPublic();
  875. } else {
  876. $this->setPrivate();
  877. }
  878. }
  879. if (isset($options['private'])) {
  880. if ($options['private']) {
  881. $this->setPrivate();
  882. } else {
  883. $this->setPublic();
  884. }
  885. }
  886. return $this;
  887. }
  888. /**
  889. * Modifies the response so that it conforms to the rules defined for a 304 status code.
  890. *
  891. * This sets the status, removes the body, and discards any headers
  892. * that MUST NOT be included in 304 responses.
  893. *
  894. * @return $this
  895. *
  896. * @see https://tools.ietf.org/html/rfc2616#section-10.3.5
  897. *
  898. * @final
  899. */
  900. public function setNotModified(): object
  901. {
  902. $this->setStatusCode(304);
  903. $this->setContent(null);
  904. // remove headers that MUST NOT be included with 304 Not Modified responses
  905. foreach (['Allow', 'Content-Encoding', 'Content-Language', 'Content-Length', 'Content-MD5', 'Content-Type', 'Last-Modified'] as $header) {
  906. $this->headers->remove($header);
  907. }
  908. return $this;
  909. }
  910. /**
  911. * Returns true if the response includes a Vary header.
  912. *
  913. * @final
  914. */
  915. public function hasVary(): bool
  916. {
  917. return null !== $this->headers->get('Vary');
  918. }
  919. /**
  920. * Returns an array of header names given in the Vary header.
  921. *
  922. * @final
  923. */
  924. public function getVary(): array
  925. {
  926. if (!$vary = $this->headers->all('Vary')) {
  927. return [];
  928. }
  929. $ret = [];
  930. foreach ($vary as $item) {
  931. $ret[] = preg_split('/[\s,]+/', $item);
  932. }
  933. return array_merge([], ...$ret);
  934. }
  935. /**
  936. * Sets the Vary header.
  937. *
  938. * @param string|array $headers
  939. * @param bool $replace Whether to replace the actual value or not (true by default)
  940. *
  941. * @return $this
  942. *
  943. * @final
  944. */
  945. public function setVary($headers, bool $replace = true): object
  946. {
  947. $this->headers->set('Vary', $headers, $replace);
  948. return $this;
  949. }
  950. /**
  951. * Determines if the Response validators (ETag, Last-Modified) match
  952. * a conditional value specified in the Request.
  953. *
  954. * If the Response is not modified, it sets the status code to 304 and
  955. * removes the actual content by calling the setNotModified() method.
  956. *
  957. * @final
  958. */
  959. public function isNotModified(Request $request): bool
  960. {
  961. if (!$request->isMethodCacheable()) {
  962. return false;
  963. }
  964. $notModified = false;
  965. $lastModified = $this->headers->get('Last-Modified');
  966. $modifiedSince = $request->headers->get('If-Modified-Since');
  967. if (($ifNoneMatchEtags = $request->getETags()) && (null !== $etag = $this->getEtag())) {
  968. if (0 == strncmp($etag, 'W/', 2)) {
  969. $etag = substr($etag, 2);
  970. }
  971. // Use weak comparison as per https://tools.ietf.org/html/rfc7232#section-3.2.
  972. foreach ($ifNoneMatchEtags as $ifNoneMatchEtag) {
  973. if (0 == strncmp($ifNoneMatchEtag, 'W/', 2)) {
  974. $ifNoneMatchEtag = substr($ifNoneMatchEtag, 2);
  975. }
  976. if ($ifNoneMatchEtag === $etag || '*' === $ifNoneMatchEtag) {
  977. $notModified = true;
  978. break;
  979. }
  980. }
  981. }
  982. // Only do If-Modified-Since date comparison when If-None-Match is not present as per https://tools.ietf.org/html/rfc7232#section-3.3.
  983. elseif ($modifiedSince && $lastModified) {
  984. $notModified = strtotime($modifiedSince) >= strtotime($lastModified);
  985. }
  986. if ($notModified) {
  987. $this->setNotModified();
  988. }
  989. return $notModified;
  990. }
  991. /**
  992. * Is response invalid?
  993. *
  994. * @see https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  995. *
  996. * @final
  997. */
  998. public function isInvalid(): bool
  999. {
  1000. return $this->statusCode < 100 || $this->statusCode >= 600;
  1001. }
  1002. /**
  1003. * Is response informative?
  1004. *
  1005. * @final
  1006. */
  1007. public function isInformational(): bool
  1008. {
  1009. return $this->statusCode >= 100 && $this->statusCode < 200;
  1010. }
  1011. /**
  1012. * Is response successful?
  1013. *
  1014. * @final
  1015. */
  1016. public function isSuccessful(): bool
  1017. {
  1018. return $this->statusCode >= 200 && $this->statusCode < 300;
  1019. }
  1020. /**
  1021. * Is the response a redirect?
  1022. *
  1023. * @final
  1024. */
  1025. public function isRedirection(): bool
  1026. {
  1027. return $this->statusCode >= 300 && $this->statusCode < 400;
  1028. }
  1029. /**
  1030. * Is there a client error?
  1031. *
  1032. * @final
  1033. */
  1034. public function isClientError(): bool
  1035. {
  1036. return $this->statusCode >= 400 && $this->statusCode < 500;
  1037. }
  1038. /**
  1039. * Was there a server side error?
  1040. *
  1041. * @final
  1042. */
  1043. public function isServerError(): bool
  1044. {
  1045. return $this->statusCode >= 500 && $this->statusCode < 600;
  1046. }
  1047. /**
  1048. * Is the response OK?
  1049. *
  1050. * @final
  1051. */
  1052. public function isOk(): bool
  1053. {
  1054. return 200 === $this->statusCode;
  1055. }
  1056. /**
  1057. * Is the response forbidden?
  1058. *
  1059. * @final
  1060. */
  1061. public function isForbidden(): bool
  1062. {
  1063. return 403 === $this->statusCode;
  1064. }
  1065. /**
  1066. * Is the response a not found error?
  1067. *
  1068. * @final
  1069. */
  1070. public function isNotFound(): bool
  1071. {
  1072. return 404 === $this->statusCode;
  1073. }
  1074. /**
  1075. * Is the response a redirect of some form?
  1076. *
  1077. * @final
  1078. */
  1079. public function isRedirect(?string $location = null): bool
  1080. {
  1081. return \in_array($this->statusCode, [201, 301, 302, 303, 307, 308]) && (null === $location ?: $location == $this->headers->get('Location'));
  1082. }
  1083. /**
  1084. * Is the response empty?
  1085. *
  1086. * @final
  1087. */
  1088. public function isEmpty(): bool
  1089. {
  1090. return \in_array($this->statusCode, [204, 304]);
  1091. }
  1092. /**
  1093. * Cleans or flushes output buffers up to target level.
  1094. *
  1095. * Resulting level can be greater than target level if a non-removable buffer has been encountered.
  1096. *
  1097. * @final
  1098. */
  1099. public static function closeOutputBuffers(int $targetLevel, bool $flush): void
  1100. {
  1101. $status = ob_get_status(true);
  1102. $level = \count($status);
  1103. $flags = \PHP_OUTPUT_HANDLER_REMOVABLE | ($flush ? \PHP_OUTPUT_HANDLER_FLUSHABLE : \PHP_OUTPUT_HANDLER_CLEANABLE);
  1104. while ($level-- > $targetLevel && ($s = $status[$level]) && (!isset($s['del']) ? !isset($s['flags']) || ($s['flags'] & $flags) === $flags : $s['del'])) {
  1105. if ($flush) {
  1106. ob_end_flush();
  1107. } else {
  1108. ob_end_clean();
  1109. }
  1110. }
  1111. }
  1112. /**
  1113. * Marks a response as safe according to RFC8674.
  1114. *
  1115. * @see https://tools.ietf.org/html/rfc8674
  1116. */
  1117. public function setContentSafe(bool $safe = true): void
  1118. {
  1119. if ($safe) {
  1120. $this->headers->set('Preference-Applied', 'safe');
  1121. } elseif ('safe' === $this->headers->get('Preference-Applied')) {
  1122. $this->headers->remove('Preference-Applied');
  1123. }
  1124. $this->setVary('Prefer', false);
  1125. }
  1126. /**
  1127. * Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
  1128. *
  1129. * @see http://support.microsoft.com/kb/323308
  1130. *
  1131. * @final
  1132. */
  1133. protected function ensureIEOverSSLCompatibility(Request $request): void
  1134. {
  1135. if (false !== stripos($this->headers->get('Content-Disposition') ?? '', 'attachment') && 1 == preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT') ?? '', $match) && true === $request->isSecure()) {
  1136. if ((int) preg_replace('/(MSIE )(.*?);/', '$2', $match[0]) < 9) {
  1137. $this->headers->remove('Cache-Control');
  1138. }
  1139. }
  1140. }
  1141. }