HttpRequestService

Type
Class
Namespace
Craft
Inherits
Craft\HttpRequestService » CHttpRequest (opens new window) » CApplicationComponent (opens new window) » CComponent (opens new window)
Implements
IApplicationComponent
Since
1.0

HttpRequestService provides APIs for getting information about the current HTTP request.

An instance of HttpRequestService is globally accessible in Craft via {@link WebApp::request craft()->request}.

See also http://craftcms.com

View source (opens new window)

# Public Properties

Property Description
$behaviors (opens new window) array (opens new window) – The behaviors that should be attached to this component.
$csrfCookie (opens new window) array (opens new window) – The property values (in name-value pairs) used to initialize the CSRF cookie.
$csrfTokenName (opens new window) string (opens new window) – The name of the token used to prevent CSRF.
$enableCookieValidation (opens new window) boolean (opens new window) – Whether cookies should be validated to ensure they are not tampered.
$enableCsrfValidation (opens new window) boolean (opens new window) – Whether to enable CSRF (Cross-Site Request Forgery) validation.
$jsonAsArray (opens new window) boolean (opens new window) – Whether the parsing of JSON REST requests should return associative arrays for object data.

# Public Methods

Method Description
__call() (opens new window) Calls the named method which is not a class method.
__get() (opens new window) Returns a property value, an event handler list or a behavior based on its name.
__isset() (opens new window) Checks if a property value is null.
__set() (opens new window) Sets value of a component property.
__unset() (opens new window) Sets a component property to be null.
asa() (opens new window) Returns the named behavior object.
attachBehavior() (opens new window) Attaches a behavior to this component.
attachBehaviors() (opens new window) Attaches a list of behaviors to the component.
attachEventHandler() (opens new window) Attaches an event handler to an event.
canGetProperty() (opens new window) Determines whether a property can be read.
canSetProperty() (opens new window) Determines whether a property can be set.
close() Attempts to closes the connection with the HTTP client, without ending PHP script execution.
compareAcceptTypes() (opens new window) Compare function for determining the preference of accepted MIME type array maps See {@link parseAcceptHeader()} for the format of $a and $b
decodePathInfo() Decodes the path info.
deleteCookie() Deletes a cookie by its name.
detachBehavior() (opens new window) Detaches a behavior from the component.
detachBehaviors() (opens new window) Detaches all behaviors from the component.
detachEventHandler() (opens new window) Detaches an existing event handler.
disableBehavior() (opens new window) Disables an attached behavior.
disableBehaviors() (opens new window) Disables all behaviors attached to this component.
enableBehavior() (opens new window) Enables an attached behavior.
enableBehaviors() (opens new window) Enables all behaviors attached to this component.
evaluateExpression() (opens new window) Evaluates a PHP expression or callback under the context of this component.
getAcceptTypes() (opens new window) Returns user browser accept types, null if not present.
getActionSegments() Returns an array of the action path segments, if this is an {@link isActionRequest() action request}.
getBaseUrl() (opens new window) Returns the relative URL for the application.
getBrowser() (opens new window) Returns information about the capabilities of user browser.
getBrowserLanguages() Returns a list of languages the user has selected in their browser’s settings, canonicalized using {@link LocaleData::getCanonicalID}.
getClientOs() Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.
getContentType() (opens new window) Returns request content-type The Content-Type header field indicates the MIME type of the data contained in {@link getRawBody()} or, in the case of the HEAD method, the media type that would have been sent had the request been a GET.
getCookie() Returns a cookie by its name.
getCookies() Returns the cookie collection. The result can be used like an associative array. Adding {@link HttpCookie} objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.
getCsrfToken() Gets the current CSRF token from the CSRF token cookie, (re)creating the cookie if it is missing or invalid.
getDelete() (opens new window) Returns the named DELETE parameter value.
getEventHandlers() (opens new window) Returns the list of attached event handlers for an event.
getHostInfo() (opens new window) Returns the schema and host part of the application URL.
getHostName() Returns the host name, without “http://” or “https://”.
getHttpVersion() (opens new window) Returns the version of the HTTP protocol used by client.
getIpAddress() Retrieves the best guess of the client’s actual IP address taking into account numerous HTTP proxy headers due to variations in how different ISPs handle IP addresses in headers between hops.
getIsAjaxRequest() (opens new window) Returns whether this is an AJAX (XMLHttpRequest) request.
getIsDeleteRequest() (opens new window) Returns whether this is a DELETE request.
getIsFlashRequest() (opens new window) Returns whether this is an Adobe Flash or Adobe Flex request.
getIsGetRequest() Returns whether this is a GET request.
getIsInitialized() (opens new window) Checks if this application component has been initialized.
getIsPatchRequest() (opens new window) Returns whether this is a PATCH request.
getIsPostRequest() (opens new window) Returns whether this is a POST request.
getIsPutRequest() (opens new window) Returns whether this is a PUT request.
getIsSecureConnection() (opens new window) Return if the request is sent via secure channel (https).
getMimeType() Returns the MIME type that is going to be included in the response via the Content-Type header.
getNormalizedPath() Returns the path Craft should use to route this request, including the CP trigger (opens new window) if it is in there.
getPageNum() Returns the current page number.
getParam() Returns a parameter from either the query string or POST data.
getPatch() (opens new window) Returns the named PATCH parameter value.
getPath() Returns the request’s Craft path.
getPathInfo() (opens new window) Returns the path info of the currently requested URL.
getPort() (opens new window) Returns the port to use for insecure requests.
getPost() Returns a POST parameter, or all of them.
getPreferredAcceptType() (opens new window) Returns the user preferred accept MIME type.
getPreferredAcceptTypes() (opens new window) Returns an array of user accepted MIME types in order of preference.
getPreferredLanguage() (opens new window) Returns the user-preferred language that should be used by this application.
getPreferredLanguages() (opens new window) Returns an array of user accepted languages in order of preference.
getPut() (opens new window) Returns the named PUT parameter value.
getQuery() Returns a query string parameter, or all of them.
getQueryString() (opens new window) Returns part of the request URL that is after the question mark.
getQueryStringWithoutPath() Returns the request’s query string, without the p= parameter.
getRawBody() (opens new window) Returns the raw HTTP request body.
getRequestType() (opens new window) Returns the request type, such as GET, POST, HEAD, PUT, PATCH, DELETE.
getRequestUri() (opens new window) Returns the request URI portion for the currently requested URL.
getRequiredParam() Returns a parameter from either the query string or POST data, or bails on the request with a 400 error if that parameter doesn’t exist anywhere.
getRequiredPost() Returns a POST parameter, or bails on the request with a 400 error if that parameter doesn’t exist.
getRequiredQuery() Returns a query string parameter, or bails on the request with a 400 error if that parameter doesn’t exist.
getRestParams() (opens new window) Returns request parameters. Typically PUT, PATCH or DELETE.
getScriptFile() (opens new window) Returns entry script file path.
getScriptName() Returns the script name used to access Craft (e.g. “index.php”).
getScriptUrl() (opens new window) Returns the relative URL of the entry script.
getSecurePort() (opens new window) Returns the port to use for secure requests.
getSegment() Returns a specific segment from the Craft path.
getSegments() Returns an array of the Craft path’s segments.
getServerName() (opens new window) Returns the server name.
getServerPort() (opens new window) Returns the server port number.
getToken() Returns the request’s token, if there is one.
getUrl() (opens new window) Returns the currently requested URL.
getUrlReferrer() (opens new window) Returns the URL referrer, null if not present
getUserAgent() (opens new window) Returns the user agent, null if not present.
getUserHost() (opens new window) Returns the user host name, null if it cannot be determined.
getUserHostAddress() Alias of {@link getIpAddress()}.
getValidatedPost() Returns a POST parameter. If the validateUnsafeRequestParams config setting has been set to true, and this is a front-end request, then the POST parameter’s value will be validated with {@link SecurityService::validateData()} before being returned, ensuring that the value had not been tampered with by the user.
hasEvent() (opens new window) Determines whether an event is defined.
hasEventHandler() (opens new window) Checks whether the named event has attached handlers.
hasProperty() (opens new window) Determines whether a property is defined.
init() Initializes the application component.
isActionRequest() Returns whether the current request should be routed to a specific controller action before normal request routing takes over.
isAjaxRequest() Alias of {@link getIsAjaxRequest()}.
isCpRequest() Returns whether the current request should be routed to the Control Panel.
isDeleteRequest() Alias of {@link getIsDeleteRequest()}.
isDeleteViaPostRequest() Alias of {@link getIsDeleteViaPostRequest()}.
isFlashRequest() Alias of {@link getIsFlashRequest()}.
isGetRequest() Alias of {@link getIsGetRequest()}.
isLivePreview() Returns whether this is a Live Preview request.
isMobileBrowser() Returns whether the request is coming from a mobile browser.
isPostRequest() Alias of {@link getIsPostRequest()}.
isPutRequest() Alias of {@link getIsPutRequest()}.
isPutViaPostRequest() Alias of {@link getIsPutViaPostRequest()}.
isResourceRequest() Returns whether the current request should be routed to a resource.
isSecureConnection() Alias of {@link getIsSecureConnection()}.
isSingleActionRequest() Returns whether the current request is solely an action request.
isSiteRequest() Returns whether the current request should be routed to the front-end site.
parseAcceptHeader() (opens new window) Parses an HTTP Accept header, returning an array map with all parts of each entry.
raiseEvent() (opens new window) Raises an event.
redirect() (opens new window) Redirects the browser to the specified URL.
regenCsrfCookie()
sendFile() Sends a file to the user.
setBaseUrl() (opens new window) Sets the relative URL for the application.
setHostInfo() (opens new window) Sets the schema and host part of the application URL.
setPort() (opens new window) Sets the port to use for insecure requests.
setScriptUrl() (opens new window) Sets the relative URL for the application entry script.
setSecurePort() (opens new window) Sets the port to use for secure requests.
stripSlashes() (opens new window) Strips slashes from input data.
validateCsrfToken() Performs the CSRF validation. This is the event handler responding to {@link CApplication::onBeginRequest}.
xSendFile() (opens new window) Sends existing file to a browser as a download using x-sendfile.

# close()

Attempts to closes the connection with the HTTP client, without ending PHP script execution. This method relies on flush() (opens new window), which may not actually work if mod_deflate or mod_gzip is installed, or if this is a Win32 server. See also http://stackoverflow.com/a/141026 View source (opens new window)

Arguments

Returns

null (opens new window)

Throws

  • Craft\Exception
    An exception will be thrown if content has already been output.

Signature

public null close ( $content = '' )

# decodePathInfo()

Decodes the path info. Replacement for Yii's {@link \CHttpRequest::decodePathInfo()}.

View source (opens new window)

Arguments

Returns

string (opens new window) – Decoded path info.

Signature

public string decodePathInfo ( $pathInfo )

# deleteCookie()

Deletes a cookie by its name.

View source (opens new window)

Arguments

  • $name – The cookie name.

Returns

null (opens new window)

Signature

public null deleteCookie ( $name )

# getActionSegments()

Returns an array of the action path segments, if this is an {@link isActionRequest() action request}.

View source (opens new window)

Returns

array (opens new window), null (opens new window) – The action path segments, or null if this isn’t an action request.

Signature

public array, null getActionSegments ( )

# getBrowserLanguages()

Returns a list of languages the user has selected in their browser’s settings, canonicalized using {@link LocaleData::getCanonicalID}. Internally, this method checks the Accept-Language header that should have accompanied the request. If that header was not present, the method will return false.

View source (opens new window)

Returns

array (opens new window), false (opens new window) – The preferred languages, or false if Craft is unable to determine them.

Signature

public array, false getBrowserLanguages ( )

# getClientOs()

Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.

View source (opens new window)

Returns

string (opens new window) – The OS the client is running.

Signature

public string getClientOs ( )

# getCookie()

Returns a cookie by its name.

View source (opens new window)

Arguments

Returns

Craft\HttpCookie, null (opens new window) – The cookie, or null if it didn’t exist.

Signature

public Craft\HttpCookie, null getCookie ( $name )

# getCookies()

Returns the cookie collection. The result can be used like an associative array. Adding {@link HttpCookie} objects to the collection will send the cookies to the client; and removing the objects from the collection will delete those cookies on the client.

View source (opens new window)

Returns

Craft\CookieCollection – The cookie collection.

Signature

public Craft\CookieCollection getCookies ( )

# getCsrfToken()

Gets the current CSRF token from the CSRF token cookie, (re)creating the cookie if it is missing or invalid.

View source (opens new window)

Returns

string (opens new window)

Throws

Signature

public string getCsrfToken ( )

# getHostName()

Returns the host name, without “http://” or “https://”. Internally, this method will first check the Host header that should have accompanied the request, which browsers will set depending on the host name they are requesting. If that header does not exist, the method will fall back on the SERVER_NAME server environment variable.

View source (opens new window)

Returns

string (opens new window) – The host name.

Signature

public string getHostName ( )

# getIpAddress()

Retrieves the best guess of the client’s actual IP address taking into account numerous HTTP proxy headers due to variations in how different ISPs handle IP addresses in headers between hops. Considering any of these server vars besides REMOTE_ADDR can be spoofed, this method should not be used when you need a trusted source for the IP address. Use $_SERVER['REMOTE_ADDR'] instead.

View source (opens new window)

Returns

string (opens new window) – The IP address.

Signature

public string getIpAddress ( )

# getIsGetRequest()

Returns whether this is a GET request.

View source (opens new window)

Returns

boolean (opens new window) – Whether this is a GET request.

Signature

public boolean getIsGetRequest ( )

# getMimeType()

DEPRECATED

Deprecated Deprecated in 2.2. Use {@link HeaderHelper::getMimeType()} instead.

Returns the MIME type that is going to be included in the response via the Content-Type header.

View source (opens new window)

Returns

string (opens new window)

Signature

public string getMimeType ( )

# getNormalizedPath()

Returns the path Craft should use to route this request, including the CP trigger (opens new window) if it is in there.

View source (opens new window)

Returns

string (opens new window) – The path.

Signature

public string getNormalizedPath ( )

# getPageNum()

Returns the current page number.

View source (opens new window)

Returns

integer (opens new window) – The page number.

Signature

public integer getPageNum ( )

# getParam()

Returns a parameter from either the query string or POST data. This method will first search for the given paramater in the query string, calling {@link getQuery()} internally, and if that doesn’t come back with a value, it will call {@link getPost()}. If that doesn’t come back with a value either, $defaultValue will be returned.

$foo = craft()->request->getParam('foo'); // Returns $_GET['foo'] or $_POST['foo'], if either exist

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getParam('foo.bar'); // Returns $_GET['foo']['bar'] or $_POST['foo']['bar'], if either exist

All values will be converted to UTF-8, regardless of the original character encoding.

View source (opens new window)

Arguments

  • $name (string (opens new window)) – The dot-delimited name of the param to be fetched.
  • $defaultValue (mixed) – The fallback value to be returned if no param exists by the given $name. Defaults to null.

Returns

mixed – The value of the corresponding param, or $defaultValue if that value didn’t exist.

Signature

public mixed getParam ( $name, $defaultValue = null )

# getPath()

Returns the request’s Craft path. Note that the path will not include the CP trigger (opens new window) if it’s a CP request, or the page trigger (opens new window) or page number if it’s a paginated request.

View source (opens new window)

Returns

string (opens new window) – The Craft path.

Signature

public string getPath ( )

# getPost()

Returns a POST parameter, or all of them. If $name is specified, then the corresponding POST parameter will be returned if it exists, or $defaultValue will be returned if it doesn’t.

$foo = craft()->request->getPost('foo'); // Returns $_POST['foo'], if it exists

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getPost('foo.bar'); // Returns $_POST['foo']['bar'], if it exists

If $name is omitted, the entire $_POST array will be returned instead:

$allThePostParams = craft()->request->getPost(); // Returns $_POST

All values will be converted to UTF-8, regardless of the original character encoding.

View source (opens new window)

Arguments

  • $name (string (opens new window), null (opens new window)) – The dot-delimited name of the POST param to be fetched, if any.
  • $defaultValue (mixed) – The fallback value to be returned if no param exists by the given $name. Defaults to null.

Returns

mixed – The value of the corresponding POST param if a single param was requested, or $defaultValue if that value didn’t exist, or the entire $_POST array if no single param was requested.

Signature

public mixed getPost ( $name = null, $defaultValue = null )

# getQuery()

Returns a query string parameter, or all of them. If $name is specified, then the corresponding query string parameter will be returned if it exists, or $defaultValue will be returned if it doesn’t.

$foo = craft()->request->getQuery('foo'); // Returns $_GET['foo'], if it exists

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getQuery('foo.bar'); // Returns $_GET['foo']['bar'], if it exists

If $name is omitted, the entire $_GET array will be returned instead:

$allTheQueryParams = craft()->request->getQuery(); // Returns $_GET

All values will be converted to UTF-8, regardless of the original character encoding.

View source (opens new window)

Arguments

  • $name (string (opens new window), null (opens new window)) – The dot-delimited name of the query string param to be fetched, if any.
  • $defaultValue (mixed) – The fallback value to be returned if no param exists by the given $name. Defaults to null.

Returns

mixed – The value of the corresponding query string param if a single param was requested, or $defaultValue if that value didn’t exist, or the entire $_GET array if no single param was requested.

Signature

public mixed getQuery ( $name = null, $defaultValue = null )

# getQueryStringWithoutPath()

Returns the request’s query string, without the p= parameter.

View source (opens new window)

Returns

string (opens new window) – The query string.

Signature

public string getQueryStringWithoutPath ( )

# getRequiredParam()

Returns a parameter from either the query string or POST data, or bails on the request with a 400 error if that parameter doesn’t exist anywhere. This method will first search for the given paramater in the query string, calling {@link getQuery()} internally, and if that doesn’t come back with a value, it will call {@link getPost()}.

$foo = craft()->request->getRequiredParam('foo'); // Returns $_GET['foo'] or $_POST['foo']

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getParam('foo.bar'); // Returns $_GET['foo']['bar'] or $_POST['foo']['bar'], if either exist

All values will be converted to UTF-8, regardless of the original character encoding.

View source (opens new window)

Arguments

Returns

mixed – The value of the corresponding param, or $defaultValue if that value didn’t exist.

Throws

Signature

public mixed getRequiredParam ( $name )

# getRequiredPost()

Returns a POST parameter, or bails on the request with a 400 error if that parameter doesn’t exist.

$foo = craft()->request->getRequiredPost('foo'); // Returns $_POST['foo']

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getRequiredPost('foo.bar'); // Returns $_POST['foo']['bar']

The returned value will be converted to UTF-8, regardless of the original character encoding.

View source (opens new window)

Arguments

Returns

mixed – The value of the corresponding POST param.

Throws

Signature

public mixed getRequiredPost ( $name )

# getRequiredQuery()

Returns a query string parameter, or bails on the request with a 400 error if that parameter doesn’t exist.

$foo = craft()->request->getRequiredQuery('foo'); // Returns $_GET['foo']

$name can also represent a nested parameter using a dot-delimited string.

$bar = craft()->request->getRequiredQuery('foo.bar'); // Returns $_GET['foo']['bar']

The returned value will be converted to UTF-8, regardless of the original character encoding.

View source (opens new window)

Arguments

Returns

mixed – The value of the corresponding query string param.

Throws

Signature

public mixed getRequiredQuery ( $name )

# getScriptName()

Returns the script name used to access Craft (e.g. “index.php”).

View source (opens new window)

Returns

string (opens new window)

Signature

public string getScriptName ( )

# getSegment()

Returns a specific segment from the Craft path.

View source (opens new window)

Arguments

Returns

string (opens new window), null (opens new window) – The matching segment, or null if there wasn’t one.

Signature

public string, null getSegment ( $num )

# getSegments()

Returns an array of the Craft path’s segments. Note that the segments will not include the CP trigger (opens new window) if it’s a CP request, or the page trigger (opens new window) or page number if it’s a paginated request.

View source (opens new window)

Returns

array (opens new window) – The Craft path’s segments.

Signature

public array getSegments ( )

# getToken()

Returns the request’s token, if there is one.

View source (opens new window)

Returns

string (opens new window), null (opens new window) – The request’s token, or null if there isn’t one.

Signature

public string, null getToken ( )

# getUserHostAddress()

Alias of {@link getIpAddress()}.

View source (opens new window)

Returns

string (opens new window)

Signature

public string getUserHostAddress ( )

# getValidatedPost()

Returns a POST parameter. If the validateUnsafeRequestParams config setting has been set to true, and this is a front-end request, then the POST parameter’s value will be validated with {@link SecurityService::validateData()} before being returned, ensuring that the value had not been tampered with by the user.

View source (opens new window)

Arguments

Returns

mixed – The value of the corresponding POST param

Signature

public mixed getValidatedPost ( $name )

# init()

Initializes the application component.

View source (opens new window)

Returns

null (opens new window)

Signature

public null init ( )

# isActionRequest()

Returns whether the current request should be routed to a specific controller action before normal request routing takes over. There are several ways that this method could return true:

  • If the first segment in the Craft path matches the action trigger (opens new window)
  • If there is an 'action' param in either the POST data or query string
  • If the Craft path matches the Login path, the Logout path, or the Set Password path

View source (opens new window)

Returns

boolean (opens new window) – Whether the current request should be routed to a controller action.

Signature

public boolean isActionRequest ( )

# isAjaxRequest()

Alias of {@link getIsAjaxRequest()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isAjaxRequest ( )

# isCpRequest()

Returns whether the current request should be routed to the Control Panel. The result depends on whether the first segment in the URI matches the CP trigger (opens new window).

Note that even if this function returns true, the request will not necessarily route to the Control Panel. It could instead route to a resource, for example.

View source (opens new window)

Returns

boolean (opens new window) – Whether the current request should be routed to the Control Panel.

Signature

public boolean isCpRequest ( )

# isDeleteRequest()

Alias of {@link getIsDeleteRequest()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isDeleteRequest ( )

# isDeleteViaPostRequest()

Alias of {@link getIsDeleteViaPostRequest()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isDeleteViaPostRequest ( )

# isFlashRequest()

Alias of {@link getIsFlashRequest()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isFlashRequest ( )

# isGetRequest()

Alias of {@link getIsGetRequest()}.

View source (opens new window)

Signature

public void isGetRequest ( )

# isLivePreview()

Returns whether this is a Live Preview request.

View source (opens new window)

Returns

boolean (opens new window) – Whether this is a Live Preview request.

Signature

public boolean isLivePreview ( )

# isMobileBrowser()

Returns whether the request is coming from a mobile browser. The detection script is provided by http://detectmobilebrowsers.com. It was last updated on 2014-11-24.

View source (opens new window)

Arguments

Returns

boolean (opens new window) – Whether the request is coming from a mobile browser.

Signature

public boolean isMobileBrowser ( $detectTablets = false )

# isPostRequest()

Alias of {@link getIsPostRequest()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isPostRequest ( )

# isPutRequest()

Alias of {@link getIsPutRequest()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isPutRequest ( )

# isPutViaPostRequest()

Alias of {@link getIsPutViaPostRequest()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isPutViaPostRequest ( )

# isResourceRequest()

Returns whether the current request should be routed to a resource. The result depends on whether the first segment in the Craft path matches the resource trigger (opens new window).

View source (opens new window)

Returns

boolean (opens new window) – Whether the current request should be routed to a resource.

Signature

public boolean isResourceRequest ( )

# isSecureConnection()

Alias of {@link getIsSecureConnection()}.

View source (opens new window)

Returns

boolean (opens new window)

Signature

public boolean isSecureConnection ( )

# isSingleActionRequest()

Returns whether the current request is solely an action request.

View source (opens new window)

Signature

public void isSingleActionRequest ( )

# isSiteRequest()

Returns whether the current request should be routed to the front-end site. The result will always just be the opposite of whatever {@link isCpRequest()} returns.

View source (opens new window)

Returns

boolean (opens new window) – Whether the current request should be routed to the front-end site.

Signature

public boolean isSiteRequest ( )

# regenCsrfCookie()

Signature

public void regenCsrfCookie ( )

# sendFile()

Sends a file to the user. We’re overriding this from {@link \CHttpRequest::sendFile()} so we can have more control over the headers.

View source (opens new window)

Arguments

Returns

null (opens new window)

Throws

Signature

public null sendFile ( $path, $content, $options = [], $terminate = true )

# validateCsrfToken()

Performs the CSRF validation. This is the event handler responding to {@link CApplication::onBeginRequest}. The default implementation will compare the CSRF token obtained from session and from a POST field. If they are different, a CSRF attack is detected.

View source (opens new window)

Arguments

Throws

Signature

public void validateCsrfToken ( $event )

# Protected Methods

Method Description
createCsrfCookie() Creates a cookie with a randomly generated CSRF token. Initial values specified in {@link csrfCookie} will be applied to the generated cookie.
csrfTokenValidForCurrentUser() Gets whether the CSRF token is valid for the current user or not
getIsDeleteViaPostRequest() (opens new window) Returns whether this is a DELETE request which was tunneled through POST.
getIsPatchViaPostRequest() (opens new window) Returns whether this is a PATCH request which was tunneled through POST.
getIsPutViaPostRequest() (opens new window) Returns whether this is a PUT request which was tunneled through POST.
normalizeRequest() (opens new window) Normalizes the request data.

# createCsrfCookie()

Creates a cookie with a randomly generated CSRF token. Initial values specified in {@link csrfCookie} will be applied to the generated cookie.

View source (opens new window)

Returns

Craft\HttpCookie – The generated cookie

Signature

protected Craft\HttpCookie createCsrfCookie ( )

# csrfTokenValidForCurrentUser()

Gets whether the CSRF token is valid for the current user or not

View source (opens new window)

Arguments

  • $token

Returns

boolean (opens new window)

Throws

Signature

protected boolean csrfTokenValidForCurrentUser ( $token )