1. 8.5.x vendor/symfony/http-foundation/JsonResponse.php JsonResponse
  2. 8.5.x vendor/zendframework/zend-diactoros/src/Response/JsonResponse.php JsonResponse
  3. 8.0.x vendor/symfony/http-foundation/JsonResponse.php JsonResponse
  4. 8.0.x vendor/zendframework/zend-diactoros/src/Response/JsonResponse.php JsonResponse
  5. 8.1.x vendor/zendframework/zend-diactoros/src/Response/JsonResponse.php JsonResponse
  6. 8.1.x vendor/symfony/http-foundation/JsonResponse.php JsonResponse
  7. 8.2.x vendor/zendframework/zend-diactoros/src/Response/JsonResponse.php JsonResponse
  8. 8.2.x vendor/symfony/http-foundation/JsonResponse.php JsonResponse
  9. 8.3.x vendor/symfony/http-foundation/JsonResponse.php JsonResponse
  10. 8.3.x vendor/zendframework/zend-diactoros/src/Response/JsonResponse.php JsonResponse
  11. 8.4.x vendor/symfony/http-foundation/JsonResponse.php JsonResponse
  12. 8.4.x vendor/zendframework/zend-diactoros/src/Response/JsonResponse.php JsonResponse
  13. 8.6.x vendor/zendframework/zend-diactoros/src/Response/JsonResponse.php JsonResponse
  14. 8.6.x vendor/symfony/http-foundation/JsonResponse.php JsonResponse

Response represents an HTTP response in JSON format.

Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.

@author Igor Wiedler <igor@wiedler.ch>

Hierarchy

  • class \Symfony\Component\HttpFoundation\Response

Expanded class hierarchy of JsonResponse

See also

https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_re...

38 files declare their use of JsonResponse
AjaxResponse.php in core/lib/Drupal/Core/Ajax/AjaxResponse.php
AutocompleteController.php in core/modules/system/tests/modules/form_test/src/AutocompleteController.php
batch.inc in core/includes/batch.inc
Batch processing API for processes to run in multiple HTTP requests.
CacheableJsonResponse.php in core/lib/Drupal/Core/Cache/CacheableJsonResponse.php
CategoryAutocompleteController.php in core/modules/block/src/Controller/CategoryAutocompleteController.php

... See full list

File

vendor/symfony/http-foundation/JsonResponse.php, line 25

Namespace

Symfony\Component\HttpFoundation
View source
class JsonResponse extends Response {
  protected $data;
  protected $callback;

  // Encode <, >, ', &, and " characters in the JSON, making it also safe to be embedded into HTML.
  // 15 === JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT
  const DEFAULT_ENCODING_OPTIONS = 15;
  protected $encodingOptions = self::DEFAULT_ENCODING_OPTIONS;

  /**
   * @param mixed $data    The response data
   * @param int   $status  The response status code
   * @param array $headers An array of response headers
   * @param bool  $json    If the data is already a JSON string
   */
  public function __construct($data = null, $status = 200, $headers = array(), $json = false) {
    parent::__construct('', $status, $headers);
    if (null === $data) {
      $data = new \ArrayObject();
    }
    $json ? $this
      ->setJson($data) : $this
      ->setData($data);
  }

  /**
   * Factory method for chainability.
   *
   * Example:
   *
   *     return JsonResponse::create($data, 200)
   *         ->setSharedMaxAge(300);
   *
   * @param mixed $data    The json response data
   * @param int   $status  The response status code
   * @param array $headers An array of response headers
   *
   * @return static
   */
  public static function create($data = null, $status = 200, $headers = array()) {
    return new static($data, $status, $headers);
  }

  /**
   * Make easier the creation of JsonResponse from raw json.
   */
  public static function fromJsonString($data = null, $status = 200, $headers = array()) {
    return new static($data, $status, $headers, true);
  }

  /**
   * Sets the JSONP callback.
   *
   * @param string|null $callback The JSONP callback or null to use none
   *
   * @return $this
   *
   * @throws \InvalidArgumentException When the callback name is not valid
   */
  public function setCallback($callback = null) {
    if (null !== $callback) {

      // partially taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
      // partially taken from https://github.com/willdurand/JsonpCallbackValidator
      //      JsonpCallbackValidator is released under the MIT License. See https://github.com/willdurand/JsonpCallbackValidator/blob/v1.1.0/LICENSE for details.
      //      (c) William Durand <william.durand1@gmail.com>
      $pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*(?:\\[(?:"(?:\\\\.|[^"\\\\])*"|\'(?:\\\\.|[^\'\\\\])*\'|\\d+)\\])*?$/u';
      $reserved = array(
        'break',
        'do',
        'instanceof',
        'typeof',
        'case',
        'else',
        'new',
        'var',
        'catch',
        'finally',
        'return',
        'void',
        'continue',
        'for',
        'switch',
        'while',
        'debugger',
        'function',
        'this',
        'with',
        'default',
        'if',
        'throw',
        'delete',
        'in',
        'try',
        'class',
        'enum',
        'extends',
        'super',
        'const',
        'export',
        'import',
        'implements',
        'let',
        'private',
        'public',
        'yield',
        'interface',
        'package',
        'protected',
        'static',
        'null',
        'true',
        'false',
      );
      $parts = explode('.', $callback);
      foreach ($parts as $part) {
        if (!preg_match($pattern, $part) || in_array($part, $reserved, true)) {
          throw new \InvalidArgumentException('The callback name is not valid.');
        }
      }
    }
    $this->callback = $callback;
    return $this
      ->update();
  }

  /**
   * Sets a raw string containing a JSON document to be sent.
   *
   * @param string $json
   *
   * @return $this
   *
   * @throws \InvalidArgumentException
   */
  public function setJson($json) {
    $this->data = $json;
    return $this
      ->update();
  }

  /**
   * Sets the data to be sent as JSON.
   *
   * @param mixed $data
   *
   * @return $this
   *
   * @throws \InvalidArgumentException
   */
  public function setData($data = array()) {
    if (defined('HHVM_VERSION')) {

      // HHVM does not trigger any warnings and let exceptions
      // thrown from a JsonSerializable object pass through.
      // If only PHP did the same...
      $data = json_encode($data, $this->encodingOptions);
    }
    else {
      try {

        // PHP 5.4 and up wrap exceptions thrown by JsonSerializable
        // objects in a new exception that needs to be removed.
        // Fortunately, PHP 5.5 and up do not trigger any warning anymore.
        $data = json_encode($data, $this->encodingOptions);
      } catch (\Exception $e) {
        if ('Exception' === get_class($e) && 0 === strpos($e
          ->getMessage(), 'Failed calling ')) {
          throw $e
            ->getPrevious() ?: $e;
        }
        throw $e;
      }
    }
    if (JSON_ERROR_NONE !== json_last_error()) {
      throw new \InvalidArgumentException(json_last_error_msg());
    }
    return $this
      ->setJson($data);
  }

  /**
   * Returns options used while encoding data to JSON.
   *
   * @return int
   */
  public function getEncodingOptions() {
    return $this->encodingOptions;
  }

  /**
   * Sets options used while encoding data to JSON.
   *
   * @param int $encodingOptions
   *
   * @return $this
   */
  public function setEncodingOptions($encodingOptions) {
    $this->encodingOptions = (int) $encodingOptions;
    return $this
      ->setData(json_decode($this->data));
  }

  /**
   * Updates the content and headers according to the JSON data and callback.
   *
   * @return $this
   */
  protected function update() {
    if (null !== $this->callback) {

      // Not using application/javascript for compatibility reasons with older browsers.
      $this->headers
        ->set('Content-Type', 'text/javascript');
      return $this
        ->setContent(sprintf('/**/%s(%s);', $this->callback, $this->data));
    }

    // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
    // in order to not overwrite a custom definition.
    if (!$this->headers
      ->has('Content-Type') || 'text/javascript' === $this->headers
      ->get('Content-Type')) {
      $this->headers
        ->set('Content-Type', 'application/json');
    }
    return $this
      ->setContent($this->data);
  }

}

Members

Contains filters are case sensitive
Namesort descending Modifiers Type Description Overrides
JsonResponse::$callback protected property
JsonResponse::$data protected property
JsonResponse::$encodingOptions protected property
JsonResponse::create public static function Factory method for chainability. Overrides Response::create
JsonResponse::DEFAULT_ENCODING_OPTIONS constant
JsonResponse::fromJsonString public static function Make easier the creation of JsonResponse from raw json.
JsonResponse::getEncodingOptions public function Returns options used while encoding data to JSON.
JsonResponse::setCallback public function Sets the JSONP callback.
JsonResponse::setData public function Sets the data to be sent as JSON.
JsonResponse::setEncodingOptions public function Sets options used while encoding data to JSON.
JsonResponse::setJson public function Sets a raw string containing a JSON document to be sent.
JsonResponse::update protected function Updates the content and headers according to the JSON data and callback.
JsonResponse::__construct public function Overrides Response::__construct
Response::$charset protected property
Response::$content protected property
Response::$deprecatedMethods private static property
Response::$deprecationsTriggered private static property
Response::$headers public property
Response::$statusCode protected property
Response::$statusText protected property
Response::$statusTexts public static property Status codes translation table.
Response::$version protected property
Response::closeOutputBuffers public static function Cleans or flushes output buffers up to target level.
Response::ensureIEOverSSLCompatibility protected function Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
Response::expire public function Marks the response stale by setting the Age header to be equal to the maximum age of the response.
Response::getAge public function Returns the age of the response.
Response::getCharset public function Retrieves the response charset.
Response::getContent public function Gets the current response content.
Response::getDate public function Returns the Date header as a DateTime instance.
Response::getEtag public function Returns the literal value of the ETag HTTP header.
Response::getExpires public function Returns the value of the Expires header as a DateTime instance.
Response::getLastModified public function Returns the Last-Modified HTTP header as a DateTime instance.
Response::getMaxAge public function Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh.
Response::getProtocolVersion public function Gets the HTTP protocol version.
Response::getStatusCode public function Retrieves the status code for the current web response.
Response::getTtl public function Returns the response's time-to-live in seconds.
Response::getVary public function Returns an array of header names given in the Vary header.
Response::hasVary public function Returns true if the response includes a Vary header.
Response::HTTP_ACCEPTED constant
Response::HTTP_ALREADY_REPORTED constant
Response::HTTP_BAD_GATEWAY constant
Response::HTTP_BAD_REQUEST constant
Response::HTTP_CONFLICT constant
Response::HTTP_CONTINUE constant
Response::HTTP_CREATED constant
Response::HTTP_EXPECTATION_FAILED constant
Response::HTTP_FAILED_DEPENDENCY constant
Response::HTTP_FORBIDDEN constant
Response::HTTP_FOUND constant
Response::HTTP_GATEWAY_TIMEOUT constant
Response::HTTP_GONE constant
Response::HTTP_IM_USED constant
Response::HTTP_INSUFFICIENT_STORAGE constant
Response::HTTP_INTERNAL_SERVER_ERROR constant
Response::HTTP_I_AM_A_TEAPOT constant
Response::HTTP_LENGTH_REQUIRED constant
Response::HTTP_LOCKED constant
Response::HTTP_LOOP_DETECTED constant
Response::HTTP_METHOD_NOT_ALLOWED constant
Response::HTTP_MISDIRECTED_REQUEST constant
Response::HTTP_MOVED_PERMANENTLY constant
Response::HTTP_MULTIPLE_CHOICES constant
Response::HTTP_MULTI_STATUS constant
Response::HTTP_NETWORK_AUTHENTICATION_REQUIRED constant
Response::HTTP_NON_AUTHORITATIVE_INFORMATION constant
Response::HTTP_NOT_ACCEPTABLE constant
Response::HTTP_NOT_EXTENDED constant
Response::HTTP_NOT_FOUND constant
Response::HTTP_NOT_IMPLEMENTED constant
Response::HTTP_NOT_MODIFIED constant
Response::HTTP_NO_CONTENT constant
Response::HTTP_OK constant
Response::HTTP_PARTIAL_CONTENT constant
Response::HTTP_PAYMENT_REQUIRED constant
Response::HTTP_PERMANENTLY_REDIRECT constant
Response::HTTP_PRECONDITION_FAILED constant
Response::HTTP_PRECONDITION_REQUIRED constant
Response::HTTP_PROCESSING constant
Response::HTTP_PROXY_AUTHENTICATION_REQUIRED constant
Response::HTTP_REQUESTED_RANGE_NOT_SATISFIABLE constant
Response::HTTP_REQUEST_ENTITY_TOO_LARGE constant
Response::HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE constant
Response::HTTP_REQUEST_TIMEOUT constant
Response::HTTP_REQUEST_URI_TOO_LONG constant
Response::HTTP_RESERVED constant
Response::HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL constant
Response::HTTP_RESET_CONTENT constant
Response::HTTP_SEE_OTHER constant
Response::HTTP_SERVICE_UNAVAILABLE constant
Response::HTTP_SWITCHING_PROTOCOLS constant
Response::HTTP_TEMPORARY_REDIRECT constant
Response::HTTP_TOO_MANY_REQUESTS constant
Response::HTTP_UNAUTHORIZED constant
Response::HTTP_UNAVAILABLE_FOR_LEGAL_REASONS constant
Response::HTTP_UNPROCESSABLE_ENTITY constant
Response::HTTP_UNSUPPORTED_MEDIA_TYPE constant
Response::HTTP_UPGRADE_REQUIRED constant
Response::HTTP_USE_PROXY constant
Response::HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL constant
Response::HTTP_VERSION_NOT_SUPPORTED constant
Response::isCacheable public function Returns true if the response is worth caching under any circumstance.
Response::isClientError public function Is there a client error?
Response::isEmpty public function Is the response empty?
Response::isForbidden public function Is the response forbidden?
Response::isFresh public function Returns true if the response is "fresh".
Response::isInformational public function Is response informative?
Response::isInvalid public function Is response invalid?
Response::isNotFound public function Is the response a not found error?
Response::isNotModified public function Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request.
Response::isOk public function Is the response OK?
Response::isRedirect public function Is the response a redirect of some form?
Response::isRedirection public function Is the response a redirect?
Response::isServerError public function Was there a server side error?
Response::isSuccessful public function Is response successful?
Response::isValidateable public function Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request.
Response::mustRevalidate public function Returns true if the response must be revalidated by caches.
Response::prepare public function Prepares the Response before it is sent to the client.
Response::send public function Sends HTTP headers and content.
Response::sendContent public function Sends content for the current web response.
Response::sendHeaders public function Sends HTTP headers.
Response::setCache public function Sets the response's cache headers (validation and/or expiration).
Response::setCharset public function Sets the response charset.
Response::setClientTtl public function Sets the response's time-to-live for private/client caches.
Response::setContent public function Sets the response content.
Response::setDate public function Sets the Date header.
Response::setEtag public function Sets the ETag value.
Response::setExpires public function Sets the Expires HTTP header with a DateTime instance.
Response::setLastModified public function Sets the Last-Modified HTTP header with a DateTime instance.
Response::setMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh.
Response::setNotModified public function Modifies the response so that it conforms to the rules defined for a 304 status code.
Response::setPrivate public function Marks the response as "private".
Response::setProtocolVersion public function Sets the HTTP protocol version (1.0 or 1.1).
Response::setPublic public function Marks the response as "public".
Response::setSharedMaxAge public function Sets the number of seconds after which the response should no longer be considered fresh by shared caches.
Response::setStatusCode public function Sets the response status code.
Response::setTtl public function Sets the response's time-to-live for shared caches.
Response::setVary public function Sets the Vary header.
Response::__clone public function Clones the current Response instance.
Response::__toString public function Returns the Response as an HTTP string.