isMethodSafe example

'CONNECT', false],
        ];
    }

    /** * @dataProvider methodSafeProvider */
    public function testMethodSafe($method$safe)
    {
        $request = new Request();
        $request->setMethod($method);
        $this->assertEquals($safe$request->isMethodSafe());
    }

    public static function methodSafeProvider()
    {
        return [
            ['HEAD', true],
            ['GET', true],
            ['POST', false],
            ['PUT', false],
            ['PATCH', false],
            ['DELETE', false],
            [
            // We must clone here to get a separate instance because the application will modify the request during             // the application flow (we know it always does because we do ourselves by setting REMOTE_ADDR to 127.0.0.1             // and adding the X-Forwarded-For header, see HttpCache::forward()).             $this->request = clone $request;
            if (null !== $this->surrogate) {
                $this->surrogateCacheStrategy = $this->surrogate->createCacheStrategy();
            }
        }

        $this->traces[$this->getTraceKey($request)] = [];

        if (!$request->isMethodSafe()) {
            $response = $this->invalidate($request$catch);
        } elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
            $response = $this->pass($request$catch);
        } elseif ($this->options['allow_reload'] && $request->isNoCache()) {
            /* If allow_reload is configured and the client requests "Cache-Control: no-cache", reload the cache by fetching a fresh response and caching it (if possible). */
            $this->record($request, 'reload');
            $response = $this->fetch($request$catch);
        } else {
            
            // We must clone here to get a separate instance because the application will modify the request during             // the application flow (we know it always does because we do ourselves by setting REMOTE_ADDR to 127.0.0.1             // and adding the X-Forwarded-For header, see HttpCache::forward()).             $this->request = clone $request;
            if (null !== $this->surrogate) {
                $this->surrogateCacheStrategy = $this->surrogate->createCacheStrategy();
            }
        }

        $this->traces[$this->getTraceKey($request)] = [];

        if (!$request->isMethodSafe()) {
            $response = $this->invalidate($request$catch);
        } elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
            $response = $this->pass($request$catch);
        } elseif ($this->options['allow_reload'] && $request->isNoCache()) {
            /* If allow_reload is configured and the client requests "Cache-Control: no-cache", reload the cache by fetching a fresh response and caching it (if possible). */
            $this->record($request, 'reload');
            $response = $this->fetch($request$catch);
        } else {
            

class ContentTypeHeaderMatcher implements FilterInterface {

  /** * {@inheritdoc} */
  public function filter(RouteCollection $collection, Request $request) {
    // The Content-type header does not make sense on GET or DELETE requests,     // because they do not carry any content. Nothing to filter in this case.     // Same for all other safe methods.     if ($request->isMethodSafe() || $request->isMethod('DELETE')) {
      return $collection;
    }

    $format = $request->getContentTypeFormat();

    foreach ($collection as $name => $route) {
      $supported_formats = array_filter(explode('|', $route->getRequirement('_content_type_format') ?? ''));
      if (empty($supported_formats)) {
        // No restriction on the route, so we move the route to the end of the         // collection by re-adding it. That way generic routes sink down in the         // list and exact matching routes stay on top.
$given = get_debug_type($response);

            throw new \LogicException(sprintf('The "%s::start()" method must return a Response object ("%s" returned).', get_debug_type($this->authenticationEntryPoint)$given));
        }

        return $response;
    }

    protected function setTargetPath(Request $request): void
    {
        // session isn't required when using HTTP basic authentication mechanism for example         if ($request->hasSession() && $request->isMethodSafe() && !$request->isXmlHttpRequest()) {
            $this->saveTargetPath($request->getSession()$this->firewallName, $request->getUri());
        }
    }

    private function throwUnauthorizedException(AuthenticationException $authException): never
    {
        $this->logger?->notice(sprintf('No Authentication entry point configured, returning a %s HTTP response. Configure "entry_point" on the firewall "%s" if you want to modify the response.', Response::HTTP_UNAUTHORIZED, $this->firewallName));

        throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage()$authException[]$authException->getCode());
    }
}
$this->offset = 0;
        $this->maxlen = -1;

        if (false === $fileSize = $this->file->getSize()) {
            return $this;
        }
        $this->headers->remove('Transfer-Encoding');
        $this->headers->set('Content-Length', $fileSize);

        if (!$this->headers->has('Accept-Ranges')) {
            // Only accept ranges on safe HTTP methods             $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
        }

        if (self::$trustXSendfileTypeHeader && $request->headers->has('X-Sendfile-Type')) {
            // Use X-Sendfile, do not send any content.             $type = $request->headers->get('X-Sendfile-Type');
            $path = $this->file->getRealPath();
            // Fall back to scheme://path for stream wrapped locations.             if (false === $path) {
                $path = $this->file->getPathname();
            }
            if ('x-accel-redirect' === strtolower($type)) {
                
$this->offset = 0;
        $this->maxlen = -1;

        if (false === $fileSize = $this->file->getSize()) {
            return $this;
        }
        $this->headers->remove('Transfer-Encoding');
        $this->headers->set('Content-Length', $fileSize);

        if (!$this->headers->has('Accept-Ranges')) {
            // Only accept ranges on safe HTTP methods             $this->headers->set('Accept-Ranges', $request->isMethodSafe() ? 'bytes' : 'none');
        }

        if (self::$trustXSendfileTypeHeader && $request->headers->has('X-Sendfile-Type')) {
            // Use X-Sendfile, do not send any content.             $type = $request->headers->get('X-Sendfile-Type');
            $path = $this->file->getRealPath();
            // Fall back to scheme://path for stream wrapped locations.             if (false === $path) {
                $path = $this->file->getPathname();
            }
            if ('x-accel-redirect' === strtolower($type)) {
                


        parse_str($request->query->get('_path', '')$attributes);
        $request->attributes->add($attributes);
        $request->attributes->set('_route_params', array_replace($request->attributes->get('_route_params', [])$attributes));
        $request->query->remove('_path');
    }

    protected function validateRequest(Request $request): void
    {
        // is the Request safe?         if (!$request->isMethodSafe()) {
            throw new AccessDeniedHttpException();
        }

        // is the Request signed?         if ($this->signer->checkRequest($request)) {
            return;
        }

        throw new AccessDeniedHttpException();
    }

    


        parse_str($request->query->get('_path', '')$attributes);
        $request->attributes->add($attributes);
        $request->attributes->set('_route_params', array_replace($request->attributes->get('_route_params', [])$attributes));
        $request->query->remove('_path');
    }

    protected function validateRequest(Request $request): void
    {
        // is the Request safe?         if (!$request->isMethodSafe()) {
            throw new AccessDeniedHttpException();
        }

        // is the Request signed?         if ($this->signer->checkRequest($request)) {
            return;
        }

        throw new AccessDeniedHttpException();
    }

    
Home | Imprint | This part of the site doesn't use cookies.