Request
- Type
- Class
- Namespace
- craft\web
- Inherits
- craft\web\Request » yii\web\Request (opens new window) » yii\base\Request (opens new window) » yii\base\Component (opens new window) » yii\base\BaseObject (opens new window)
- Implements
- yii\base\Configurable (opens new window)
- Uses traits
- craft\base\RequestTrait
- Since
- 3.0.0
View source (opens new window)
# Public Properties
# _token
- Type
- string (opens new window), null (opens new window)
- Default value
null
See also getToken()
View source (opens new window)
# acceptsImage
- Type
- boolean (opens new window)
- Default value
null
- Access
- Read-only
- Since
- 3.5.0
View source (opens new window)
# acceptsJson
- Type
- boolean (opens new window)
- Default value
null
- Access
- Read-only
View source (opens new window)
# actionSegments
- Type
- array (opens new window)
- Default value
null
The segments of the requested controller action path, if this is an action request.
View source (opens new window)
# clientOs
- Type
- string (opens new window)
- Default value
null
- Access
- Read-only
The OS the client is running.
View source (opens new window)
# fullPath
- Type
- string (opens new window)
- Default value
null
The full requested path, including the control panel trigger and pagination info.
View source (opens new window)
# fullUri
- Type
- string (opens new window)
- Default value
null
- Access
- Read-only
- Since
- 3.5.0
View source (opens new window)
# generalConfig
- Type
- craft\config\GeneralConfig, array (opens new window), string (opens new window)
- Default value
null
- Since
- 3.5.10
View source (opens new window)
# hadToken
- Type
- boolean (opens new window)
- Default value
null
- Access
- Read-only
- Since
- 3.6.0
View source (opens new window)
# ipHeaders
- Type
- string (opens new window)[]
- Default value
[ 'Client-IP', 'X-Forwarded-For', 'X-Forwarded', 'X-Cluster-Client-IP', 'Forwarded-For', 'Forwarded', ]
List of headers where proxies store the real client IP.
It's not advisable to put insecure headers here.
To use the Forwarded
header according to RFC 7239, the header must be added to secureHeaders (opens new window) list.
The match of header names is case-insensitive.
View source (opens new window)
# isActionRequest
- Type
- boolean (opens new window)
- Default value
null
Whether a specific controller action was requested.
View source (opens new window)
# isCpRequest
- Type
- boolean (opens new window)
- Default value
null
Whether the control panel was requested.
View source (opens new window)
# isGraphql
- Type
- boolean (opens new window)
- Default value
null
Whether the request’s MIME type is application/graphql
View source (opens new window)
# isJson
- Type
- boolean (opens new window)
- Default value
null
Whether the request’s MIME type is application/json
View source (opens new window)
# isLivePreview
- Type
- boolean (opens new window)
- Default value
null
Whether this is a Live Preview request.
View source (opens new window)
# isLoginRequest
- Type
- boolean (opens new window)
- Default value
null
- Access
- Read-only
- Since
- 3.2.0
View source (opens new window)
# isPreview
- Type
- boolean (opens new window)
- Default value
null
Whether this is an element preview request.
View source (opens new window)
# isSiteRequest
- Type
- boolean (opens new window)
- Default value
null
Whether the front end site was requested.
View source (opens new window)
# maxPageNum
- Type
- integer (opens new window)
- Default value
100000
- Since
- 3.1.14
The highest page number that Craft should accept.
View source (opens new window)
# mimeType
- Type
- string (opens new window), null (opens new window)
- Default value
null
The MIME type of the request, extracted from the request’s content type
View source (opens new window)
# normalizedContentType
- Type
- string (opens new window), null (opens new window)
- Default value
null
- Access
- Read-only
- Since
- 3.3.8
View source (opens new window)
# pageNum
- Type
- integer (opens new window)
- Default value
null
The requested page number.
View source (opens new window)
# path
- Type
- string (opens new window)
- Default value
null
The requested path, sans control panel trigger and pagination info.
View source (opens new window)
# queryStringWithoutPath
- Type
- string (opens new window)
- Default value
null
The request’s query string, without the path parameter.
View source (opens new window)
# rawCookies
- Type
- yii\web\CookieCollection (opens new window)
- Default value
null
- Access
- Read-only
- Since
- 3.5.0
The cookie collection.
View source (opens new window)
# segments
- Type
- array (opens new window)
- Default value
null
The segments of the requested path.
View source (opens new window)
# siteToken
- Type
- string (opens new window), null (opens new window)
- Default value
null
- Access
- Read-only
- Since
- 3.6.0
The token, or null
if there isn’t one.
View source (opens new window)
# sites
- Type
- craft\services\Sites, array (opens new window), string (opens new window), null (opens new window)
- Default value
'sites'
- Since
- 3.5.10
View source (opens new window)
# token
- Type
- string (opens new window)
- Default value
null
The token submitted with the request, if there is one.
View source (opens new window)
# Public Methods
Method | Description |
---|---|
__call() (opens new window) | Calls the named method which is not a class method. |
__clone() (opens new window) | This method is called after the object is created by cloning an existing one. |
__construct() (opens new window) | Constructor. |
__get() (opens new window) | Returns the value of a component property. |
__isset() (opens new window) | Checks if a property is set, i.e. defined and not null. |
__set() (opens new window) | Sets the value of a component property. |
__unset() (opens new window) | Sets a component property to be null. |
accepts() | Returns whether the request will accept a given content type3 |
attachBehavior() (opens new window) | Attaches a behavior to this component. |
attachBehaviors() (opens new window) | Attaches a list of behaviors to the component. |
behaviors() (opens new window) | Returns a list of behaviors that this component should behave as. |
canGetProperty() (opens new window) | Returns a value indicating whether a property can be read. |
canSetProperty() (opens new window) | Returns a value indicating whether a property can be set. |
checkIfActionRequest() | Checks to see if this is an action request. |
className() (opens new window) | Returns the fully qualified name of this class. |
detachBehavior() (opens new window) | Detaches a behavior from the component. |
detachBehaviors() (opens new window) | Detaches all behaviors from the component. |
ensureBehaviors() (opens new window) | Makes sure that the behaviors declared in behaviors() (opens new window) are attached to this component. |
get() (opens new window) | Returns GET parameter with a given name. If name isn't specified, returns an array of all GET parameters. |
getAbsoluteUrl() | Returns the currently requested absolute URL. |
getAcceptableContentTypes() (opens new window) | Returns the content types acceptable by the end user. |
getAcceptableLanguages() (opens new window) | Returns the languages acceptable by the end user. |
getAcceptsImage() | Returns whether the request will accept an image response. |
getAcceptsJson() | Returns whether the request will accept a JSON response. |
getActionSegments() | Returns the segments of the requested controller action path, if this is an action request. |
getAuthCredentials() (opens new window) | |
getAuthPassword() (opens new window) | |
getAuthUser() (opens new window) | |
getBaseUrl() (opens new window) | Returns the relative URL for the application. |
getBehavior() (opens new window) | Returns the named behavior object. |
getBehaviors() (opens new window) | Returns all behaviors attached to this component. |
getBodyParam() | Returns the named request body parameter value. |
getBodyParams() | Returns the request parameters given in the request body. |
getClientOs() | Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string. |
getContentType() (opens new window) | Returns request content-type The Content-Type header field indicates the MIME type of the data contained in getRawBody() (opens new window) or, in the case of the HEAD method, the media type that would have been sent had the request been a GET. |
getCookies() (opens new window) | Returns the cookie collection. |
getCsrfToken() | Returns the token used to perform CSRF validation. |
getCsrfTokenFromHeader() (opens new window) | |
getETags() (opens new window) | Gets the Etags. |
getFullPath() | Returns the full request path, whether that came from the path info or the path query parameter. |
getFullUri() | Returns the full requested URI. |
getHadToken() | Returns whether the request initially had a token. |
getHeaders() (opens new window) | Returns the header collection. |
getHostInfo() (opens new window) | Returns the schema and host part of the current request URL. |
getHostName() (opens new window) | Returns the host part of the current request URL. |
getIsActionRequest() | Returns whether a specific controller action was requested. |
getIsAjax() (opens new window) | Returns whether this is an AJAX (XMLHttpRequest) request. |
getIsConsoleRequest() (opens new window) | Returns a value indicating whether the current request is made via command line. |
getIsCpRequest() | Returns whether the control panel was requested. |
getIsDelete() (opens new window) | Returns whether this is a DELETE request. |
getIsFlash() (opens new window) | Returns whether this is an Adobe Flash or Flex request. |
getIsGet() (opens new window) | Returns whether this is a GET request. |
getIsGraphql() | Returns whether the request’s MIME type is application/graphql . |
getIsHead() (opens new window) | Returns whether this is a HEAD request. |
getIsJson() | Returns whether the request’s MIME type is application/json . |
getIsLivePreview() | Returns whether this is a Live Preview request. |
getIsLoginRequest() | Returns whether this was a Login request. |
getIsOptions() (opens new window) | Returns whether this is an OPTIONS request. |
getIsPatch() (opens new window) | Returns whether this is a PATCH request. |
getIsPjax() (opens new window) | Returns whether this is a PJAX request. |
getIsPost() (opens new window) | Returns whether this is a POST request. |
getIsPreview() | Returns whether this is an element preview request. |
getIsPut() (opens new window) | Returns whether this is a PUT request. |
getIsSecureConnection() (opens new window) | Return if the request is sent via secure channel (https). |
getIsSiteRequest() | Returns whether the front end site was requested. |
getMethod() (opens new window) | Returns the method of the current request (e.g. GET, POST, HEAD, PUT, PATCH, DELETE). |
getMimeType() | Returns the MIME type of the request, extracted from the request’s content type. |
getNormalizedContentType() | Returns the normalized content type. |
getOrigin() (opens new window) | Returns the URL origin of a CORS request. |
getPageNum() | Returns the requested page number. |
getParam() | Returns the named parameter value from either GET or the request body. |
getPathInfo() | Returns the requested path, sans control panel trigger and pagination info. |
getPort() (opens new window) | Returns the port to use for insecure requests. |
getPreferredLanguage() (opens new window) | Returns the user-preferred language that should be used by this application. |
getQueryParam() | Returns the named GET parameter value. |
getQueryParams() | Returns the request parameters given in the queryString (opens new window). |
getQueryString() (opens new window) | Returns part of the request URL that is after the question mark. |
getQueryStringWithoutPath() | Returns the request’s query string, without the path parameter. |
getRawBody() (opens new window) | Returns the raw HTTP request body. |
getRawCookies() | Returns the “raw” cookie collection. |
getReferrer() (opens new window) | Returns the URL referrer. |
getRemoteHost() (opens new window) | Returns the host name of the other end of this connection. |
getRemoteIP() | Returns the IP on the other end of this connection. |
getRequiredBodyParam() | Returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t exist. |
getRequiredParam() | Returns the named parameter value from either GET or the request body, or bails on the request with a 400 error if that parameter doesn’t exist anywhere. |
getRequiredQueryParam() | Returns the named GET parameter value, or bails on the request with a 400 error if that parameter doesn’t exist. |
getScriptFile() (opens new window) | Returns the entry script file path. |
getScriptFilename() | Returns the requested script name being used to access Craft (e.g. “index.php”). |
getScriptUrl() (opens new window) | Returns the relative URL of the entry script. |
getSecurePort() (opens new window) | Returns the port to use for secure requests. |
getSegment() | Returns a specific segment from the Craft path. |
getSegments() | Returns the segments of the requested path. |
getServerName() (opens new window) | Returns the server name. |
getServerPort() (opens new window) | Returns the server port number. If a port is specified via a forwarding header (e.g. 'X-Forwarded-Port') and the remote host is a "trusted host" the that port will be used (see portHeaders (opens new window)), otherwise the default server port will be returned. |
getSiteToken() | Returns the site token submitted with the request, if there is one. |
getToken() | Returns the token submitted with the request, if there is one. |
getUrl() (opens new window) | Returns the currently requested relative URL. |
getUserAgent() (opens new window) | Returns the user agent. |
getUserHost() (opens new window) | Returns the user host name. |
getUserIP() | Returns the user IP address. |
getValidatedBodyParam() | Validates and returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t pass validation. |
hasEventHandlers() (opens new window) | Returns a value indicating whether there is any handler attached to the named event. |
hasMethod() (opens new window) | Returns a value indicating whether a method is defined. |
hasProperty() (opens new window) | Returns a value indicating whether a property is defined for this component. |
hasValidSiteToken() | Returns whether the request has a valid site token. |
init() | Initializes the object. |
isMobileBrowser() | Returns whether the request is coming from a mobile browser. |
off() (opens new window) | Detaches an existing event handler from this component. |
on() (opens new window) | Attaches an event handler to an event. |
parseAcceptHeader() (opens new window) | Parses the given Accept (or Accept-Language ) header. |
post() (opens new window) | Returns POST parameter with a given name. If name isn't specified, returns an array of all POST parameters. |
regenCsrfToken() | Regenerates a CSRF token. |
resolve() (opens new window) | Resolves the current request into a route and the associated parameters. |
setAcceptableContentTypes() (opens new window) | Sets the acceptable content types. |
setAcceptableLanguages() (opens new window) | |
setBaseUrl() (opens new window) | Sets the relative URL for the application. |
setBodyParams() (opens new window) | Sets the request body parameters. |
setHostInfo() (opens new window) | Sets the schema and host part of the application URL. |
setIsActionRequest() | Overrides whether this request should be treated as an action request. |
setIsConsoleRequest() (opens new window) | Sets the value indicating whether the current request is made via command line. |
setIsCpRequest() | Sets whether the control panel was requested. |
setIsLivePreview() | Sets whether this is a Live Preview request. |
setPathInfo() (opens new window) | Sets the path info of the current request. |
setPort() (opens new window) | Sets the port to use for insecure requests. |
setQueryParams() (opens new window) | Sets the request queryString (opens new window) parameters. |
setRawBody() (opens new window) | Sets the raw HTTP request body, this method is mainly used by test scripts to simulate raw HTTP requests. |
setScriptFile() (opens new window) | Sets the entry script file path. |
setScriptUrl() (opens new window) | Sets the relative URL for the application entry script. |
setSecurePort() (opens new window) | Sets the port to use for secure requests. |
setToken() | Sets the token value. |
setUrl() (opens new window) | Sets the currently requested relative URL. |
trigger() (opens new window) | Triggers an event. |
validateCsrfToken() (opens new window) | Performs the CSRF validation. |
# accepts()
Returns whether the request will accept a given content type3
View source (opens new window)
Arguments
$contentType
(string (opens new window))
Returns
# checkIfActionRequest()
- Since
- 3.7.0
Checks to see if this is an action request.
View source (opens new window)
Arguments
$force
(boolean (opens new window)) – Whether to recheck even if we already know$checkToken
(boolean (opens new window)) – Whether to check if there’s a token on the request and use that.$checkSpecialPaths
(boolean (opens new window)) – Whether to check for special URIs that should route to controller actions
# getAbsoluteUrl()
Returns the currently requested absolute URL.
This is a shortcut to the concatenation of hostInfo (opens new window) and url (opens new window).
WARNING
Don’t include the results of this method in places that will be cached, to avoid a cache poisoning attack.
View source (opens new window)
Returns
string (opens new window) – The currently requested absolute URL.
# getAcceptsImage()
- Since
- 3.5.0
Returns whether the request will accept an image response.
View source (opens new window)
Returns
# getAcceptsJson()
Returns whether the request will accept a JSON response.
View source (opens new window)
Returns
# getActionSegments()
Returns the segments of the requested controller action path, if this is an action request.
View source (opens new window)
Returns
array (opens new window), null (opens new window) – The action path segments, or null
if this isn’t an action request.
# getBodyParam()
Returns the named request body parameter value.
If the parameter does not exist, the second argument passed to this method will be returned.
See also:
View source (opens new window)
Arguments
$name
(string (opens new window)) – The parameter name.$defaultValue
(mixed
) – The default parameter value if the parameter does not exist.
Returns
mixed
– The parameter value
# getBodyParams()
Returns the request parameters given in the request body.
Request parameters are determined using the parsers configured in parsers (opens new window) property.
If no parsers are configured for the current contentType (opens new window) it uses the PHP function mb_parse_str()
to parse the request body (opens new window).
View source (opens new window)
Returns
array (opens new window), object (opens new window) – The request parameters given in the request body.
Throws
- yii\base\InvalidConfigException (opens new window)
if a registered parser does not implement the\craft\web\RequestParserInterface
.
# getClientOs()
Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.
View source (opens new window)
Returns
string (opens new window) – The OS the client is running.
# getCsrfToken()
Returns the token used to perform CSRF validation.
This token is a masked version of \craft\web\rawCsrfToken
to prevent BREACH attacks (opens new window).
This token may be passed along via a hidden field of an HTML form or an HTTP header value
to support CSRF validation.
View source (opens new window)
Arguments
$regenerate
(boolean (opens new window)) – Whether to regenerate CSRF token. When this parameter is true, each time this method is called, a new CSRF token will be generated and persisted (in session or cookie).
Returns
string (opens new window) – The token used to perform CSRF validation.
# getFullPath()
Returns the full request path, whether that came from the path info or the path query parameter.
Leading and trailing slashes will be removed.
View source (opens new window)
Returns
# getFullUri()
- Since
- 3.5.0
Returns the full requested URI.
View source (opens new window)
Returns
# getHadToken()
- Since
- 3.6.0
Returns whether the request initially had a token.
View source (opens new window)
Returns
Throws
# getIsActionRequest()
Returns whether a specific controller action was requested.
There are several ways that this method could return true
:
- If the first segment in the Craft path matches the action trigger (opens new window)
- If there is an
action
param in either the POST data or query string - If the Craft path matches the Login path, the Logout path, or the Set Password path
View source (opens new window)
Returns
boolean (opens new window) – Whether the current request should be routed to a controller action.
# getIsCpRequest()
Returns whether the control panel was requested.
The result depends on whether the first segment in the URI matches the control panel trigger (opens new window).
View source (opens new window)
Returns
boolean (opens new window) – Whether the current request should be routed to the control panel.
# getIsGraphql()
- Since
- 3.5.0
Returns whether the request’s MIME type is application/graphql
.
View source (opens new window)
Returns
# getIsJson()
- Since
- 3.5.0
Returns whether the request’s MIME type is application/json
.
View source (opens new window)
Returns
# getIsLivePreview()
Returns whether this is a Live Preview request.
TIP
As of Craft 3.2, entries use a new previewing system, so this won’t return true
for them. Check
getIsPreview() instead for entries.
View source (opens new window)
Returns
boolean (opens new window) – Whether this is a Live Preview request.
# getIsLoginRequest()
- Since
- 3.2.0
Returns whether this was a Login request.
View source (opens new window)
Returns
# getIsPreview()
- Since
- 3.2.1
Returns whether this is an element preview request.
TIP
This will only return true
when previewing entries at the moment. For all other element types, check
getIsLivePreview().
View source (opens new window)
Returns
# getIsSiteRequest()
Returns whether the front end site was requested.
The result will always just be the opposite of whatever getIsCpRequest() returns.
View source (opens new window)
Returns
boolean (opens new window) – Whether the current request should be routed to the front-end site.
# getMimeType()
- Since
- 3.5.0
Returns the MIME type of the request, extracted from the request’s content type.
View source (opens new window)
Returns
string (opens new window), null (opens new window)
# getNormalizedContentType()
- Since
- 3.3.8
Returns the normalized content type.
View source (opens new window)
Returns
string (opens new window), null (opens new window)
# getPageNum()
Returns the requested page number.
View source (opens new window)
Returns
integer (opens new window) – The requested page number.
# getParam()
Returns the named parameter value from either GET or the request body.
If the parameter does not exist, the second parameter to this method will be returned.
See also:
View source (opens new window)
Arguments
$name
(string (opens new window)) – The parameter name.$defaultValue
(mixed
) – The default parameter value if the parameter does not exist.
Returns
mixed
– The parameter value.
# getPathInfo()
Returns the requested path, sans control panel trigger and pagination info.
If $returnRealPathInfo is returned, then yii\web\Request::getPathInfo() (opens new window) will be returned.
View source (opens new window)
Arguments
$returnRealPathInfo
(boolean (opens new window)) – Whether the real path info should be returned instead.
Returns
string (opens new window) – The requested path, or the path info.
Throws
- yii\base\InvalidConfigException (opens new window)
if the path info cannot be determined due to unexpected server configuration
# getQueryParam()
Returns the named GET parameter value.
If the GET parameter does not exist, the second argument passed to this method will be returned.
See also getBodyParam() View source (opens new window)
Arguments
$name
(string (opens new window)) – The GET parameter name.$defaultValue
(mixed
) – The default parameter value if the GET parameter does not exist.
Returns
mixed
– The GET parameter value.
# getQueryParams()
Returns the request parameters given in the queryString (opens new window).
This method will return the contents of $_GET
if params where not explicitly set.
View source (opens new window)
Returns
array (opens new window) – The request GET parameter values.
# getQueryStringWithoutPath()
Returns the request’s query string, without the path parameter.
View source (opens new window)
Returns
string (opens new window) – The query string.
# getRawCookies()
- Since
- 3.5.0
Returns the “raw” cookie collection.
Works similar to getCookies() (opens new window), but these cookies won’t go through validation, and their values won’t be hashed.
View source (opens new window)
Returns
yii\web\CookieCollection (opens new window) – The cookie collection.
# getRemoteIP()
Returns the IP on the other end of this connection.
This is always the next hop, any headers are ignored.
View source (opens new window)
Arguments
$filterOptions
(integer (opens new window)) – Bitwise disjunction of flags that should be passed to filter_var() (opens new window) when validating the IP address. Options includeFILTER_FLAG_IPV4
,FILTER_FLAG_IPV6
,FILTER_FLAG_NO_PRIV_RANGE
, andFILTER_FLAG_NO_RES_RANGE
.
Returns
string (opens new window), null (opens new window) – Remote IP address, null
if not available.
# getRequiredBodyParam()
Returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t exist.
See also getBodyParam() View source (opens new window)
Arguments
$name
(string (opens new window)) – The parameter name.
Returns
mixed
– The parameter value
Throws
- yii\web\BadRequestHttpException (opens new window)
if the request does not have the body param
# getRequiredParam()
Returns the named parameter value from either GET or the request body, or bails on the request with a 400 error if that parameter doesn’t exist anywhere.
See also:
View source (opens new window)
Arguments
$name
(string (opens new window)) – The parameter name.
Returns
mixed
– The parameter value.
Throws
- yii\web\BadRequestHttpException (opens new window)
if the request does not have the param
# getRequiredQueryParam()
Returns the named GET parameter value, or bails on the request with a 400 error if that parameter doesn’t exist.
See also getQueryParam() View source (opens new window)
Arguments
$name
(string (opens new window)) – The GET parameter name.
Returns
mixed
– The GET parameter value.
Throws
- yii\web\BadRequestHttpException (opens new window)
if the request does not have the query param
# getSegment()
Returns a specific segment from the Craft path.
View source (opens new window)
Arguments
$num
(integer (opens new window)) – Which segment to return (1-indexed).
Returns
string (opens new window), null (opens new window) – The matching segment, or null
if there wasn’t one.
# getSegments()
Returns the segments of the requested path.
TIP
Note that the segments will not include the control panel trigger (opens new window) if it’s a control panel request, or the page trigger (opens new window) or page number if it’s a paginated request.
View source (opens new window)
Returns
array (opens new window) – The Craft path’s segments.
# getSiteToken()
- Since
- 3.6.0
Returns the site token submitted with the request, if there is one.
Tokens must be sent either as a query string param named after the config4:siteToken (opens new window) config setting
(siteToken
by default), or an X-Craft-Site-Token
HTTP header on the request.
View source (opens new window)
Returns
string (opens new window), null (opens new window) – The token, or null
if there isn’t one.
# getToken()
Returns the token submitted with the request, if there is one.
Tokens must be sent either as a query string param named after the config4:tokenParam (opens new window) config setting (token
by
default), or an X-Craft-Token
HTTP header on the request.
See also:
View source (opens new window)
Returns
string (opens new window), null (opens new window) – The token, or null
if there isn’t one.
Throws
- yii\web\BadRequestHttpException (opens new window)
if an invalid token is supplied
# getUserIP()
Returns the user IP address.
The IP is determined using headers and / or $_SERVER
variables.
View source (opens new window)
Arguments
$filterOptions
(integer (opens new window)) – Bitwise disjunction of flags that should be passed to filter_var() (opens new window) when validating the IP address. Options includeFILTER_FLAG_IPV4
,FILTER_FLAG_IPV6
,FILTER_FLAG_NO_PRIV_RANGE
, andFILTER_FLAG_NO_RES_RANGE
.
Returns
string (opens new window), null (opens new window) – User IP address, null if not available
# getValidatedBodyParam()
Validates and returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t pass validation.
See also getBodyParam() View source (opens new window)
Arguments
$name
(string (opens new window)) – The parameter name.
Returns
string (opens new window), null (opens new window) – The parameter value
Throws
- yii\web\BadRequestHttpException (opens new window)
if the param value doesn’t pass validation
# hasValidSiteToken()
- Since
- 4.4.6
Returns whether the request has a valid site token.
View source (opens new window)
Returns
# init()
Initializes the object.
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
View source (opens new window)
# isMobileBrowser()
Returns whether the request is coming from a mobile browser.
The detection script is provided by http://detectmobilebrowsers.com. It was last updated on 2014-11-24.
View source (opens new window)
Arguments
$detectTablets
(boolean (opens new window)) – Whether tablets should be considered “mobile”.
Returns
boolean (opens new window) – Whether the request is coming from a mobile browser.
# regenCsrfToken()
Regenerates a CSRF token.
View source (opens new window)
# setIsActionRequest()
- Since
- 3.7.8
Overrides whether this request should be treated as an action request.
See also checkIfActionRequest() View source (opens new window)
Arguments
$isActionRequest
(boolean (opens new window))
# setIsCpRequest()
- Since
- 3.5.0
Sets whether the control panel was requested.
View source (opens new window)
Arguments
$isCpRequest
(boolean (opens new window), null (opens new window))
# setIsLivePreview()
Sets whether this is a Live Preview request.
View source (opens new window)
Arguments
$isLivePreview
(boolean (opens new window))
# setToken()
- Since
- 3.6.0
Sets the token value.
View source (opens new window)
Arguments
$token
(?string
)
# Protected Methods
# csrfTokenValidForCurrentUser()
Gets whether the CSRF token is valid for the current user or not
View source (opens new window)
Arguments
$token
(string (opens new window))
Returns
# generateCsrfToken()
Generates an unmasked random token used to perform CSRF validation.
View source (opens new window)
Returns
string (opens new window) – The random token for CSRF validation.
# loadRawCookies()
- Since
- 3.5.0
Converts any invalid cookies in $_COOKIE
into an array of yii\web\Cookie (opens new window) objects.
View source (opens new window)
Returns
yii\web\Cookie (opens new window)
# Constants
Constant | Description |
---|---|
CP_PATH_LOGIN | |
CP_PATH_LOGOUT | |
CP_PATH_SET_PASSWORD | |
CP_PATH_UPDATE | |
CP_PATH_VERIFY_EMAIL | |
CSRF_HEADER | The name of the HTTP header for sending CSRF token. |
CSRF_MASK_LENGTH | The length of the CSRF token mask. |
← ErrorHandler Response →