Class craft\web\Request
- Inheritance
- craft\web\Request » yii\web\Request » yii\base\Request » yii\base\Component » yii\base\BaseObject
- Implements
- yii\base\Configurable
- Uses Traits
- craft\base\RequestTrait
- Available since version
- 3.0
- Source Code
- https://github.com/craftcms/cms/blob/master/src/web/Request.php
| Property | Type | Description | Defined By |
|---|---|---|---|
$cookieValidationKey |
string | A secret key used for cookie validation. | yii\web\Request |
$csrfCookie |
array | The configuration for creating the CSRF cookie. | yii\web\Request |
$csrfParam |
string | The name of the token used to prevent CSRF. | yii\web\Request |
$enableCookieValidation |
boolean | Whether cookies should be validated to ensure they are not tampered. | yii\web\Request |
$enableCsrfCookie |
boolean | Whether to use cookie to persist CSRF token. | yii\web\Request |
$enableCsrfValidation |
boolean | Whether to enable CSRF (Cross-Site Request Forgery) validation. | yii\web\Request |
$ipHeaders |
string[] | List of headers where proxies store the real client IP. | craft\web\Request |
$methodParam |
string | The name of the POST parameter that is used to indicate if a request is a PUT, PATCH or DELETE request tunneled through POST. | yii\web\Request |
$parsers |
array | The parsers for converting the raw HTTP request body into \yii\web\bodyParams. | yii\web\Request |
$secureHeaders |
array | Lists of headers that are, by default, subject to the trusted host configuration. | yii\web\Request |
$secureProtocolHeaders |
array | List of headers to check for determining whether the connection is made via HTTPS. | yii\web\Request |
$trustedHosts |
array | The configuration for trusted security related headers. | yii\web\Request |
| Method | Description | Defined By |
|---|---|---|
__call() |
Calls the named method which is not a class method. | yii\base\BaseObject |
__clone() |
This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() |
Constructor. | yii\base\BaseObject |
__get() |
Returns the value of an object property. | yii\base\BaseObject |
__isset() |
Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() |
Sets value of an object property. | yii\base\BaseObject |
__unset() |
Sets an object property to null. | yii\base\BaseObject |
accepts() |
Returns whether the request will accept a given content type3 | craft\web\Request |
attachBehavior() |
Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() |
Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() |
Returns a list of behaviors that this component should behave as. | yii\base\Component |
canGetProperty() |
Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() |
Returns a value indicating whether a property can be set. | yii\base\BaseObject |
className() |
Returns the fully qualified name of this class. | yii\base\BaseObject |
detachBehavior() |
Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() |
Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() |
Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
get() |
Returns GET parameter with a given name. If name isn't specified, returns an array of all GET parameters. | yii\web\Request |
getAbsoluteUrl() |
Returns the currently requested absolute URL. | yii\web\Request |
getAcceptableContentTypes() |
Returns the content types acceptable by the end user. | yii\web\Request |
getAcceptableLanguages() |
Returns the languages acceptable by the end user. | yii\web\Request |
getAcceptsJson() |
Returns whether the request will accept a JSON response. | craft\web\Request |
getActionSegments() |
Returns the segments of the requested controller action path, if this is an action request. | craft\web\Request |
getAuthCredentials() |
yii\web\Request | |
getAuthPassword() |
yii\web\Request | |
getAuthUser() |
yii\web\Request | |
getBaseUrl() |
Returns the relative URL for the application. | yii\web\Request |
getBehavior() |
Returns the named behavior object. | yii\base\Component |
getBehaviors() |
Returns all behaviors attached to this component. | yii\base\Component |
getBodyParam() |
Returns the named request body parameter value. | craft\web\Request |
getBodyParams() |
Returns the request parameters given in the request body. | craft\web\Request |
getClientOs() |
Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string. | craft\web\Request |
getContentType() |
Returns request content-type The Content-Type header field indicates the MIME type of the data contained in getRawBody() or, in the case of the HEAD method, the media type that would have been sent had the request been a GET. | yii\web\Request |
getCookies() |
Returns the cookie collection. | yii\web\Request |
getCsrfToken() |
Returns the token used to perform CSRF validation. | craft\web\Request |
getCsrfTokenFromHeader() |
yii\web\Request | |
getETags() |
Gets the Etags. | yii\web\Request |
getFullPath() |
Returns the full request path, whether that came from the path info or the path query parameter. | craft\web\Request |
getHeaders() |
Returns the header collection. | yii\web\Request |
getHostInfo() |
Returns the schema and host part of the current request URL. | yii\web\Request |
getHostName() |
Returns the host part of the current request URL. | yii\web\Request |
getIsActionRequest() |
Returns whether a specific controller action was requested. | craft\web\Request |
getIsAjax() |
Returns whether this is an AJAX (XMLHttpRequest) request. | yii\web\Request |
getIsConsoleRequest() |
Returns a value indicating whether the current request is made via command line. | yii\base\Request |
getIsCpRequest() |
Returns whether the Control Panel was requested. | craft\web\Request |
getIsDelete() |
Returns whether this is a DELETE request. | yii\web\Request |
getIsFlash() |
Returns whether this is an Adobe Flash or Flex request. | yii\web\Request |
getIsGet() |
Returns whether this is a GET request. | yii\web\Request |
getIsHead() |
Returns whether this is a HEAD request. | yii\web\Request |
getIsLivePreview() |
Returns whether this is a Live Preview request. | craft\web\Request |
getIsOptions() |
Returns whether this is an OPTIONS request. | yii\web\Request |
getIsPatch() |
Returns whether this is a PATCH request. | yii\web\Request |
getIsPjax() |
Returns whether this is a PJAX request. | yii\web\Request |
getIsPost() |
Returns whether this is a POST request. | yii\web\Request |
getIsPut() |
Returns whether this is a PUT request. | yii\web\Request |
getIsSecureConnection() |
Return if the request is sent via secure channel (https). | yii\web\Request |
getIsSingleActionRequest() |
Returns whether the current request is solely an action request. | craft\web\Request |
getIsSiteRequest() |
Returns whether the front end site was requested. | craft\web\Request |
getMethod() |
Returns the method of the current request (e.g. GET, POST, HEAD, PUT, PATCH, DELETE). | yii\web\Request |
getOrigin() |
Returns the URL origin of a CORS request. | yii\web\Request |
getPageNum() |
Returns the requested page number. | craft\web\Request |
getParam() |
Returns the named parameter value from either GET or the request body. | craft\web\Request |
getPathInfo() |
Returns the requested path, sans CP trigger and pagination info. | craft\web\Request |
getPort() |
Returns the port to use for insecure requests. | yii\web\Request |
getPreferredLanguage() |
Returns the user-preferred language that should be used by this application. | yii\web\Request |
getQueryParam() |
Returns the named GET parameter value. | craft\web\Request |
getQueryParams() |
Returns the request parameters given in the \craft\web\queryString. | craft\web\Request |
getQueryString() |
Returns part of the request URL that is after the question mark. | yii\web\Request |
getQueryStringWithoutPath() |
Returns the request’s query string, without the path parameter. | craft\web\Request |
getRawBody() |
Returns the raw HTTP request body. | yii\web\Request |
getReferrer() |
Returns the URL referrer. | yii\web\Request |
getRemoteHost() |
Returns the host name of the other end of this connection. | yii\web\Request |
getRemoteIP() |
Returns the IP on the other end of this connection. | craft\web\Request |
getRequiredBodyParam() |
Returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t exist. | craft\web\Request |
getRequiredParam() |
Returns the named parameter value from either GET or the request body, or bails on the request with a 400 error if that parameter doesn’t exist anywhere. | craft\web\Request |
getRequiredQueryParam() |
Returns the named GET parameter value, or bails on the request with a 400 error if that parameter doesn’t exist. | craft\web\Request |
getScriptFile() |
Returns entry script file path. | yii\base\Request |
getScriptFilename() |
Returns the requested script name being used to access Craft (e.g. “index.php”). | craft\base\RequestTrait |
getScriptUrl() |
Returns the relative URL of the entry script. | yii\web\Request |
getSecurePort() |
Returns the port to use for secure requests. | yii\web\Request |
getSegment() |
Returns a specific segment from the Craft path. | craft\web\Request |
getSegments() |
Returns the segments of the requested path. | craft\web\Request |
getServerName() |
Returns the server name. | yii\web\Request |
getServerPort() |
Returns the server port number. | yii\web\Request |
getToken() |
Returns the token submitted with the request, if there is one. | craft\web\Request |
getUrl() |
Returns the currently requested relative URL. | yii\web\Request |
getUserAgent() |
Returns the user agent. | yii\web\Request |
getUserHost() |
Returns the user host name. | yii\web\Request |
getUserIP() |
Returns the user IP address. | craft\web\Request |
getValidatedBodyParam() |
Validates and returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t pass validation. | craft\web\Request |
hasEventHandlers() |
Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() |
Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() |
Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() |
Initializes the object. | craft\web\Request |
isMobileBrowser() |
Returns whether the request is coming from a mobile browser. | craft\web\Request |
off() |
Detaches an existing event handler from this component. | yii\base\Component |
on() |
Attaches an event handler to an event. | yii\base\Component |
parseAcceptHeader() |
Parses the given Accept (or Accept-Language) header. |
yii\web\Request |
post() |
Returns POST parameter with a given name. If name isn't specified, returns an array of all POST parameters. | yii\web\Request |
regenCsrfToken() |
Regenerates a CSRF token. | craft\web\Request |
resolve() |
Resolves the current request into a route and the associated parameters. | craft\web\Request |
setAcceptableContentTypes() |
Sets the acceptable content types. | yii\web\Request |
setAcceptableLanguages() |
yii\web\Request | |
setBaseUrl() |
Sets the relative URL for the application. | yii\web\Request |
setBodyParams() |
Sets the request body parameters. | yii\web\Request |
setHostInfo() |
Sets the schema and host part of the application URL. | yii\web\Request |
setIsConsoleRequest() |
Sets the value indicating whether the current request is made via command line. | yii\base\Request |
setPathInfo() |
Sets the path info of the current request. | yii\web\Request |
setPort() |
Sets the port to use for insecure requests. | yii\web\Request |
setQueryParams() |
Sets the request \yii\web\queryString parameters. | yii\web\Request |
setRawBody() |
Sets the raw HTTP request body, this method is mainly used by test scripts to simulate raw HTTP requests. | yii\web\Request |
setScriptFile() |
Sets the entry script file path. | yii\base\Request |
setScriptUrl() |
Sets the relative URL for the application entry script. | yii\web\Request |
setSecurePort() |
Sets the port to use for secure requests. | yii\web\Request |
setUrl() |
Sets the currently requested relative URL. | yii\web\Request |
trigger() |
Triggers an event. | yii\base\Component |
validateCsrfToken() |
Performs the CSRF validation. | yii\web\Request |
| Method | Description | Defined By |
|---|---|---|
createCsrfCookie() |
Creates a cookie with a randomly generated CSRF token. | yii\web\Request |
csrfTokenValidForCurrentUser() |
Gets whether the CSRF token is valid for the current user or not | craft\web\Request |
filterHeaders() |
Filters headers according to the $trustedHosts. | yii\web\Request |
generateCsrfToken() |
Generates an unmasked random token used to perform CSRF validation. | craft\web\Request |
getIpValidator() |
Creates instance of yii\validators\IpValidator. | yii\web\Request |
loadCookies() |
Converts $_COOKIE into an array of yii\web\Cookie. |
yii\web\Request |
loadCsrfToken() |
Loads the CSRF token from cookie or session. | yii\web\Request |
resolvePathInfo() |
Resolves the path info part of the currently requested URL. | yii\web\Request |
resolveRequestUri() |
Resolves the request URI portion for the currently requested URL. | yii\web\Request |
| Constant | Value | Description | Defined By |
|---|---|---|---|
CSRF_HEADER |
'X-CSRF-Token' | The name of the HTTP header for sending CSRF token. | yii\web\Request |
CSRF_MASK_LENGTH |
8 | The length of the CSRF token mask. Deprecated since 2.0.12. The mask length is now equal to the token length. | yii\web\Request |
Property Details
$ipHeaders
public property
#
List of headers where proxies store the real client IP. It's not advisable to put insecure headers here. The match of header names is case-insensitive.
public string[] $ipHeaders = ['Client-IP', 'X-Forwarded-For', 'X-Forwarded', 'X-Cluster-Client-IP', 'Forwarded-For', 'Forwarded']Method Details
accepts()
public method
#
Returns whether the request will accept a given content type3
public boolean accepts ( \craft\web\string $contentType )$contentType |
string |
csrfTokenValidForCurrentUser()
protected method
#
Gets whether the CSRF token is valid for the current user or not
protected boolean csrfTokenValidForCurrentUser ( \craft\web\string $token )$token |
string |
generateCsrfToken()
protected method
#
Generates an unmasked random token used to perform CSRF validation.
protected string generateCsrfToken ( )| return | string | The random token for CSRF validation. |
|---|
getAcceptsJson()
public method
#
Returns whether the request will accept a JSON response.
public boolean getAcceptsJson ( )
getActionSegments()
public method
#
Returns the segments of the requested controller action path, if this is an action request.
public array, null getActionSegments ( )| return | array, null | The action path segments, or null if this isn’t an action request.
|
|---|
getBodyParam()
public method
#
Returns the named request body parameter value.
If the parameter does not exist, the second parameter passed to this method will be returned.
$foo = Craft::$app->request->getBodyParam('foo'); // Returns $_POST['foo'], if it exists
You can also specify a nested parameter using a dot-delimited string.
$bar = Craft::$app->request->getBodyParam('foo.bar'); // Returns $_POST['foo']['bar'], if it exists
See also:
public mixed getBodyParam ( $name, $defaultValue = null )$name |
string | The parameter name. |
$defaultValue |
mixed | The default parameter value if the parameter does not exist. |
| return | mixed | The parameter value |
|---|
getBodyParams()
public method
#
Returns the request parameters given in the request body.
Request parameters are determined using the parsers configured in $parsers property.
If no parsers are configured for the current \craft\web\contentType it uses the PHP function mb_parse_str()
to parse the \craft\web\rawBody.
public array getBodyParams ( )| return | array | The request parameters given in the request body. |
|---|---|---|
| throws | yii\base\InvalidConfigException | if a registered parser does not implement the \craft\web\RequestParserInterface. |
getClientOs()
public method
#
Returns whether the client is running "Windows", "Mac", "Linux" or "Other", based on the browser's UserAgent string.
public string getClientOs ( )| return | string | The OS the client is running. |
|---|
getCsrfToken()
public method
#
Returns the token used to perform CSRF validation.
This token is a masked version of \craft\web\rawCsrfToken to prevent BREACH attacks. This token may be passed along via a hidden field of an HTML form or an HTTP header value to support CSRF validation.
public string getCsrfToken ( $regenerate = false )$regenerate |
boolean | Whether to regenerate CSRF token. When this parameter is true, each time this method is called, a new CSRF token will be generated and persisted (in session or cookie). |
| return | string | The token used to perform CSRF validation. |
|---|
getFullPath()
public method
#
Returns the full request path, whether that came from the path info or the path query parameter.
Leading and trailing slashes will be removed.
public string getFullPath ( )
getIsActionRequest()
public method
#
Returns whether a specific controller action was requested.
There are several ways that this method could return true:
- If the first segment in the Craft path matches the action trigger
- If there is an 'action' param in either the POST data or query string
- If the Craft path matches the Login path, the Logout path, or the Set Password path
public boolean getIsActionRequest ( )| return | boolean | Whether the current request should be routed to a controller action. |
|---|
getIsCpRequest()
public method
#
Returns whether the Control Panel was requested.
The result depends on whether the first segment in the URI matches the
CP trigger.
Note that even if this function returns true, the request will not necessarily route to the Control Panel.
public boolean getIsCpRequest ( )| return | boolean | Whether the current request should be routed to the Control Panel. |
|---|
getIsLivePreview()
public method
#
Returns whether this is a Live Preview request.
public boolean getIsLivePreview ( )| return | boolean | Whether this is a Live Preview request. |
|---|
getIsSingleActionRequest()
public method
#
Returns whether the current request is solely an action request.
public void getIsSingleActionRequest ( )
getIsSiteRequest()
public method
#
Returns whether the front end site was requested.
The result will always just be the opposite of whatever getIsCpRequest() returns.
public boolean getIsSiteRequest ( )| return | boolean | Whether the current request should be routed to the front-end site. |
|---|
getPageNum()
public method
#
Returns the requested page number.
public integer getPageNum ( )| return | integer | The requested page number. |
|---|
getParam()
public method
#
Returns the named parameter value from either GET or the request body.
If the parameter does not exist, the second parameter to this method will be returned.
See also:
public mixed getParam ( \craft\web\string $name, $defaultValue = null )$name |
string | The parameter name. |
$defaultValue |
mixed | The default parameter value if the parameter does not exist. |
| return | mixed | The parameter value. |
|---|
getPathInfo()
public method
#
Returns the requested path, sans CP trigger and pagination info.
If $returnRealPathInfo is returned, then \craft\web\parent::getPathInfo() will be returned.
See also:
- yii\web\UrlManager::processRequest()
- yii\web\UrlRule::processRequest()
public string getPathInfo ( \craft\web\bool $returnRealPathInfo = false )$returnRealPathInfo |
boolean | Whether the real path info should be returned instead. |
| return | string | The requested path, or the path info. |
|---|---|---|
| throws | yii\base\InvalidConfigException | if the path info cannot be determined due to unexpected server configuration |
getQueryParam()
public method
#
Returns the named GET parameter value.
If the GET parameter does not exist, the second parameter to this method will be returned.
$foo = Craft::$app->request->getQueryParam('foo'); // Returns $_GET['foo'], if it exists
You can also specify a nested parameter using a dot-delimited string.
$bar = Craft::$app->request->getQueryParam('foo.bar'); // Returns $_GET['foo']['bar'], if it exists
See also getBodyParam().
public mixed getQueryParam ( $name, $defaultValue = null )$name |
string | The GET parameter name. |
$defaultValue |
mixed, null | The default parameter value if the GET parameter does not exist. |
| return | mixed | The GET parameter value. |
|---|
getQueryParams()
public method
#
Returns the request parameters given in the \craft\web\queryString.
This method will return the contents of $_GET if params where not explicitly set.
public array getQueryParams ( )| return | array | The request GET parameter values. |
|---|
getQueryStringWithoutPath()
public method
#
Returns the request’s query string, without the path parameter.
public string getQueryStringWithoutPath ( )| return | string | The query string. |
|---|
getRemoteIP()
public method
#
Returns the IP on the other end of this connection.
This is always the next hop, any headers are ignored.
public string, null getRemoteIP ( \craft\web\int $filterOptions = 0 )$filterOptions |
integer | Bitwise disjunction of flags that should be
passed to filter_var()
when validating the IP address. Options include FILTER_FLAG_IPV4,
FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, and FILTER_FLAG_NO_RES_RANGE.
|
| return | string, null | Remote IP address, null if not available.
|
|---|
getRequiredBodyParam()
public method
#
Returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t exist.
See also getBodyParam().
public mixed getRequiredBodyParam ( \craft\web\string $name )$name |
string | The parameter name. |
| return | mixed | The parameter value |
|---|---|---|
| throws | yii\web\BadRequestHttpException | if the request does not have the body param |
getRequiredParam()
public method
#
Returns the named parameter value from either GET or the request body, or bails on the request with a 400 error if that parameter doesn’t exist anywhere.
See also:
public mixed getRequiredParam ( \craft\web\string $name )$name |
string | The parameter name. |
| return | mixed | The parameter value. |
|---|---|---|
| throws | yii\web\BadRequestHttpException | if the request does not have the param |
getRequiredQueryParam()
public method
#
Returns the named GET parameter value, or bails on the request with a 400 error if that parameter doesn’t exist.
See also getQueryParam().
public mixed getRequiredQueryParam ( \craft\web\string $name )$name |
string | The GET parameter name. |
| return | mixed | The GET parameter value. |
|---|---|---|
| throws | yii\web\BadRequestHttpException | if the request does not have the query param |
getSegment()
public method
#
Returns a specific segment from the Craft path.
public string, null getSegment ( \craft\web\int $num )$num |
integer | Which segment to return (1-indexed). |
| return | string, null | The matching segment, or null if there wasn’t one.
|
|---|
getSegments()
public method
#
Returns the segments of the requested path.
Note that the segments will not include the CP trigger if it’s a CP request, or the page trigger or page number if it’s a paginated request.
public array getSegments ( )| return | array | The Craft path’s segments. |
|---|
getToken()
public method
#
Returns the token submitted with the request, if there is one.
public string, null getToken ( )| return | string, null | The token, or null if there isn’t one.
|
|---|
getUserIP()
public method
#
Returns the user IP address.
The IP is determined using headers and / or $_SERVER variables.
public string, null getUserIP ( \craft\web\int $filterOptions = 0 )$filterOptions |
integer | Bitwise disjunction of flags that should be
passed to filter_var()
when validating the IP address. Options include FILTER_FLAG_IPV4,
FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE, and FILTER_FLAG_NO_RES_RANGE.
|
| return | string, null | User IP address, null if not available |
|---|
getValidatedBodyParam()
public method
#
Validates and returns the named request body parameter value, or bails on the request with a 400 error if that parameter doesn’t pass validation.
See also getBodyParam().
public mixed, null getValidatedBodyParam ( \craft\web\string $name )$name |
string | The parameter name. |
| return | mixed, null | The parameter value |
|---|---|---|
| throws | yii\web\BadRequestHttpException | if the param value doesn’t pass validation |
init()
public method
#
Initializes the object.
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
public void init ( )
isMobileBrowser()
public method
#
Returns whether the request is coming from a mobile browser.
The detection script is provided by http://detectmobilebrowsers.com. It was last updated on 2014-11-24.
public boolean isMobileBrowser ( \craft\web\bool $detectTablets = false )$detectTablets |
boolean | Whether tablets should be considered “mobile”. |
| return | boolean | Whether the request is coming from a mobile browser. |
|---|
regenCsrfToken()
public method
#
Regenerates a CSRF token.
public void regenCsrfToken ( )
resolve()
public method
#
Resolves the current request into a route and the associated parameters.
public array resolve ( )| return | array | The first element is the route, and the second is the associated parameters. |
|---|---|---|
| throws | yii\web\NotFoundHttpException | if the request cannot be resolved. |