New in Symfony 5.1: The "safe" HTTP Preference
Contributed by
Loïck Piera
in #34847.
Some web sites have a "safe" mode to assist those who don't want to be exposed to content to which they might object. Instead of configuring this option for each web site, browser can indicate your safe preference to all web sites.
This feature is fully explained in the RFC 8674 document. Broadly speaking,
browsers requesting safe content add the Prefer: safe HTTP header and
servers honoring it include these headers in their responses:
Preference-Applied: safe and Vary: Prefer.
In Symfony 5.1, we added support for this feature in the HttpFoundation component. First, you can check if a user requested safe content:
1 2 3 4 | // $request is an instance of Symfony\Component\HttpFoundation\Request
if ($request->preferSafeContent()) {
// ...
}
|
If you fulfilled the safe request, use the setContentSafe() method on the
response to add the needed HTTP headers:
1 2 3 4 | use Symfony\Component\HttpFoundation\Response;
$response = new Response('...');
$response->setContentSafe();
|
An important thing to keep in mind is that the RFC 8674 specification doesn't
define what can be considered as "safe content". Each web site decides which of
their contents are objectionable or unsafe in some way.
About us
What a Symfony developer should know about the framework: News, Jobs, Tweets, Events, Videos,...
- Welcome to Symfony News !
- More About us
- Contact us on contact[at]symfony-news.com