public function setNoJsCookie(Request
$request) { // This controller may only be accessed when the browser does not support
// JavaScript. It is accessed automatically when that's the case thanks to
// big_pipe_page_attachments(). When this controller is executed, deny
// access when either:
// - the no-JS cookie is already set: this indicates a redirect loop, since
// the cookie was already set, yet the user is executing this controller;
// - there is no session, in which case BigPipe is not enabled anyway, so it
// is pointless to set this cookie.
if ($request->cookies->
has(BigPipeStrategy::NOJS_COOKIE
) || !
$request->
hasSession()) { throw new AccessDeniedHttpException();
} if (!
$request->query->
has('destination'
)) { throw new HttpException(400, 'The original location is missing.'
);
} $response =
new LocalRedirectResponse($request->query->
get('destination'
));
// Set cookie without httpOnly, so that JavaScript can delete it.
$response->headers->
setCookie(new Cookie(BigPipeStrategy::NOJS_COOKIE, TRUE, 0, '/', NULL, FALSE, FALSE, FALSE, NULL
));
$response->
addCacheableDependency((new CacheableMetadata())->
addCacheContexts(['cookies:' . BigPipeStrategy::NOJS_COOKIE, 'session.exists'
]));
return $response;
}