class JsonResponse

Response represents an HTTP response in JSON format.

Note that this class does not force the returned JSON content to be an object. It is however recommended that you do return an object as it protects yourself against XSSI and JSON-JavaScript Hijacking.

@author Igor Wiedler <igor@wiedler.ch>

Hierarchy

class \Symfony\Component\HttpFoundation\Response
- class \Symfony\Component\HttpFoundation\JsonResponse extends \Symfony\Component\HttpFoundation\Response

Expanded class hierarchy of JsonResponse

File

vendor/symfony/http-foundation/JsonResponse.php, line 25

Namespace

Symfony\Component\HttpFoundation

View source

class JsonResponse extends Response {
    protected mixed $data;
    protected ?string $callback = null;
    // Encode <, >, ', &, and " characters in the JSON, making it also safe to be embedded into HTML.
    // 15 === JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT
    public const DEFAULT_ENCODING_OPTIONS = 15;
    protected int $encodingOptions = self::DEFAULT_ENCODING_OPTIONS;
    
    /**
     * @param bool $json If the data is already a JSON string
     */
    public function __construct(mixed $data = null, int $status = 200, array $headers = [], bool $json = false) {
        parent::__construct('', $status, $headers);
        if ($json && !\is_string($data) && !is_numeric($data) && !$data instanceof \Stringable) {
            throw new \TypeError(\sprintf('"%s": If $json is set to true, argument $data must be a string or object implementing __toString(), "%s" given.', __METHOD__, get_debug_type($data)));
        }
        $data ??= new \ArrayObject();
        $json ? $this->setJson($data) : $this->setData($data);
    }
    
    /**
     * Factory method for chainability.
     *
     * Example:
     *
     *     return JsonResponse::fromJsonString('{"key": "value"}')
     *         ->setSharedMaxAge(300);
     *
     * @param string $data    The JSON response string
     * @param int    $status  The response status code (200 "OK" by default)
     * @param array  $headers An array of response headers
     */
    public static function fromJsonString(string $data, int $status = 200, array $headers = []) : static {
        return new static($data, $status, $headers, true);
    }
    
    /**
     * Sets the JSONP callback.
     *
     * @param string|null $callback The JSONP callback or null to use none
     *
     * @return $this
     *
     * @throws \InvalidArgumentException When the callback name is not valid
     */
    public function setCallback(?string $callback) : static {
        if (null !== $callback) {
            // partially taken from https://geekality.net/2011/08/03/valid-javascript-identifier/
            // partially taken from https://github.com/willdurand/JsonpCallbackValidator
            //      JsonpCallbackValidator is released under the MIT License. See https://github.com/willdurand/JsonpCallbackValidator/blob/v1.1.0/LICENSE for details.
            //      (c) William Durand <william.durand1@gmail.com>
            $pattern = '/^[$_\\p{L}][$_\\p{L}\\p{Mn}\\p{Mc}\\p{Nd}\\p{Pc}\\x{200C}\\x{200D}]*(?:\\[(?:"(?:\\\\.|[^"\\\\])*"|\'(?:\\\\.|[^\'\\\\])*\'|\\d+)\\])*?$/u';
            $reserved = [
                'break',
                'do',
                'instanceof',
                'typeof',
                'case',
                'else',
                'new',
                'var',
                'catch',
                'finally',
                'return',
                'void',
                'continue',
                'for',
                'switch',
                'while',
                'debugger',
                'function',
                'this',
                'with',
                'default',
                'if',
                'throw',
                'delete',
                'in',
                'try',
                'class',
                'enum',
                'extends',
                'super',
                'const',
                'export',
                'import',
                'implements',
                'let',
                'private',
                'public',
                'yield',
                'interface',
                'package',
                'protected',
                'static',
                'null',
                'true',
                'false',
            ];
            $parts = explode('.', $callback);
            foreach ($parts as $part) {
                if (!preg_match($pattern, $part) || \in_array($part, $reserved, true)) {
                    throw new \InvalidArgumentException('The callback name is not valid.');
                }
            }
        }
        $this->callback = $callback;
        return $this->update();
    }
    
    /**
     * Sets a raw string containing a JSON document to be sent.
     *
     * @return $this
     */
    public function setJson(string $json) : static {
        $this->data = $json;
        return $this->update();
    }
    
    /**
     * Sets the data to be sent as JSON.
     *
     * @return $this
     *
     * @throws \InvalidArgumentException
     */
    public function setData(mixed $data = []) : static {
        try {
            $data = json_encode($data, $this->encodingOptions);
        } catch (\Exception $e) {
            if ('Exception' === $e::class && str_starts_with($e->getMessage(), 'Failed calling ')) {
                throw $e->getPrevious() ?: $e;
            }
            throw $e;
        }
        if (\JSON_THROW_ON_ERROR & $this->encodingOptions) {
            return $this->setJson($data);
        }
        if (\JSON_ERROR_NONE !== json_last_error()) {
            throw new \InvalidArgumentException(json_last_error_msg());
        }
        return $this->setJson($data);
    }
    
    /**
     * Returns options used while encoding data to JSON.
     */
    public function getEncodingOptions() : int {
        return $this->encodingOptions;
    }
    
    /**
     * Sets options used while encoding data to JSON.
     *
     * @return $this
     */
    public function setEncodingOptions(int $encodingOptions) : static {
        $this->encodingOptions = $encodingOptions;
        return $this->setData(json_decode($this->data));
    }
    
    /**
     * Updates the content and headers according to the JSON data and callback.
     *
     * @return $this
     */
    protected function update() : static {
        if (null !== $this->callback) {
            // Not using application/javascript for compatibility reasons with older browsers.
            $this->headers
                ->set('Content-Type', 'text/javascript');
            return $this->setContent(\sprintf('/**/%s(%s);', $this->callback, $this->data));
        }
        // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
        // in order to not overwrite a custom definition.
        if (!$this->headers
            ->has('Content-Type') || 'text/javascript' === $this->headers
            ->get('Content-Type')) {
            $this->headers
                ->set('Content-Type', 'application/json');
        }
        return $this->setContent($this->data);
    }

}

Members

Title Sort descending	Modifiers	Object type	Summary	Overriden Title	Overrides
JsonResponse::$callback	protected	property
JsonResponse::$data	protected	property
JsonResponse::$encodingOptions	protected	property
JsonResponse::DEFAULT_ENCODING_OPTIONS	public	constant
JsonResponse::fromJsonString	public static	function	Factory method for chainability.
JsonResponse::getEncodingOptions	public	function	Returns options used while encoding data to JSON.
JsonResponse::setCallback	public	function	Sets the JSONP callback.
JsonResponse::setData	public	function	Sets the data to be sent as JSON.
JsonResponse::setEncodingOptions	public	function	Sets options used while encoding data to JSON.
JsonResponse::setJson	public	function	Sets a raw string containing a JSON document to be sent.
JsonResponse::update	protected	function	Updates the content and headers according to the JSON data and callback.
JsonResponse::__construct	public	function		Overrides Response::__construct
Response::$charset	protected	property
Response::$content	protected	property
Response::$headers	public	property
Response::$sentHeaders	private	property	Tracks headers already sent in informational responses.
Response::$statusCode	protected	property
Response::$statusText	protected	property
Response::$statusTexts	public static	property	Status codes translation table.
Response::$version	protected	property
Response::closeOutputBuffers	public static	function	Cleans or flushes output buffers up to target level.
Response::ensureIEOverSSLCompatibility	protected	function	Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
Response::expire	public	function	Marks the response stale by setting the Age header to be equal to the maximum age of the response.
Response::getAge	public	function	Returns the age of the response in seconds.
Response::getCharset	public	function	Retrieves the response charset.
Response::getContent	public	function	Gets the current response content.		2
Response::getDate	public	function	Returns the Date header as a DateTime instance.
Response::getEtag	public	function	Returns the literal value of the ETag HTTP header.
Response::getExpires	public	function	Returns the value of the Expires header as a DateTime instance.
Response::getLastModified	public	function	Returns the Last-Modified HTTP header as a DateTime instance.
Response::getMaxAge	public	function	Returns the number of seconds after the time specified in the response's Date header when the response should no longer be considered fresh.
Response::getProtocolVersion	public	function	Gets the HTTP protocol version.
Response::getStatusCode	public	function	Retrieves the status code for the current web response.
Response::getTtl	public	function	Returns the response's time-to-live in seconds.
Response::getVary	public	function	Returns an array of header names given in the Vary header.
Response::hasVary	public	function	Returns true if the response includes a Vary header.
Response::HTTP_ACCEPTED	public	constant
Response::HTTP_ALREADY_REPORTED	public	constant
Response::HTTP_BAD_GATEWAY	public	constant
Response::HTTP_BAD_REQUEST	public	constant
Response::HTTP_CONFLICT	public	constant
Response::HTTP_CONTINUE	public	constant
Response::HTTP_CREATED	public	constant
Response::HTTP_EARLY_HINTS	public	constant
Response::HTTP_EXPECTATION_FAILED	public	constant
Response::HTTP_FAILED_DEPENDENCY	public	constant
Response::HTTP_FORBIDDEN	public	constant
Response::HTTP_FOUND	public	constant
Response::HTTP_GATEWAY_TIMEOUT	public	constant
Response::HTTP_GONE	public	constant
Response::HTTP_IM_USED	public	constant
Response::HTTP_INSUFFICIENT_STORAGE	public	constant
Response::HTTP_INTERNAL_SERVER_ERROR	public	constant
Response::HTTP_I_AM_A_TEAPOT	public	constant
Response::HTTP_LENGTH_REQUIRED	public	constant
Response::HTTP_LOCKED	public	constant
Response::HTTP_LOOP_DETECTED	public	constant
Response::HTTP_METHOD_NOT_ALLOWED	public	constant
Response::HTTP_MISDIRECTED_REQUEST	public	constant
Response::HTTP_MOVED_PERMANENTLY	public	constant
Response::HTTP_MULTIPLE_CHOICES	public	constant
Response::HTTP_MULTI_STATUS	public	constant
Response::HTTP_NETWORK_AUTHENTICATION_REQUIRED	public	constant
Response::HTTP_NON_AUTHORITATIVE_INFORMATION	public	constant
Response::HTTP_NOT_ACCEPTABLE	public	constant
Response::HTTP_NOT_EXTENDED	public	constant
Response::HTTP_NOT_FOUND	public	constant
Response::HTTP_NOT_IMPLEMENTED	public	constant
Response::HTTP_NOT_MODIFIED	public	constant
Response::HTTP_NO_CONTENT	public	constant
Response::HTTP_OK	public	constant
Response::HTTP_PARTIAL_CONTENT	public	constant
Response::HTTP_PAYMENT_REQUIRED	public	constant
Response::HTTP_PERMANENTLY_REDIRECT	public	constant
Response::HTTP_PRECONDITION_FAILED	public	constant
Response::HTTP_PRECONDITION_REQUIRED	public	constant
Response::HTTP_PROCESSING	public	constant
Response::HTTP_PROXY_AUTHENTICATION_REQUIRED	public	constant
Response::HTTP_REQUESTED_RANGE_NOT_SATISFIABLE	public	constant
Response::HTTP_REQUEST_ENTITY_TOO_LARGE	public	constant
Response::HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE	public	constant
Response::HTTP_REQUEST_TIMEOUT	public	constant
Response::HTTP_REQUEST_URI_TOO_LONG	public	constant
Response::HTTP_RESERVED	public	constant
Response::HTTP_RESET_CONTENT	public	constant
Response::HTTP_RESPONSE_CACHE_CONTROL_DIRECTIVES	private	constant
Response::HTTP_SEE_OTHER	public	constant
Response::HTTP_SERVICE_UNAVAILABLE	public	constant
Response::HTTP_SWITCHING_PROTOCOLS	public	constant
Response::HTTP_TEMPORARY_REDIRECT	public	constant
Response::HTTP_TOO_EARLY	public	constant
Response::HTTP_TOO_MANY_REQUESTS	public	constant
Response::HTTP_UNAUTHORIZED	public	constant
Response::HTTP_UNAVAILABLE_FOR_LEGAL_REASONS	public	constant
Response::HTTP_UNPROCESSABLE_ENTITY	public	constant
Response::HTTP_UNSUPPORTED_MEDIA_TYPE	public	constant
Response::HTTP_UPGRADE_REQUIRED	public	constant
Response::HTTP_USE_PROXY	public	constant
Response::HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL	public	constant
Response::HTTP_VERSION_NOT_SUPPORTED	public	constant
Response::isCacheable	public	function	Returns true if the response may safely be kept in a shared (surrogate) cache.
Response::isClientError	public	function	Is there a client error?
Response::isEmpty	public	function	Is the response empty?
Response::isForbidden	public	function	Is the response forbidden?
Response::isFresh	public	function	Returns true if the response is "fresh".
Response::isImmutable	public	function	Returns true if the response is marked as "immutable".
Response::isInformational	public	function	Is response informative?
Response::isInvalid	public	function	Is response invalid?
Response::isNotFound	public	function	Is the response a not found error?
Response::isNotModified	public	function	Determines if the Response validators (ETag, Last-Modified) match a conditional value specified in the Request.
Response::isOk	public	function	Is the response OK?
Response::isRedirect	public	function	Is the response a redirect of some form?
Response::isRedirection	public	function	Is the response a redirect?
Response::isServerError	public	function	Was there a server side error?
Response::isSuccessful	public	function	Is response successful?
Response::isValidateable	public	function	Returns true if the response includes headers that can be used to validate the response with the origin server using a conditional GET request.
Response::mustRevalidate	public	function	Returns true if the response must be revalidated by shared caches once it has become stale.
Response::prepare	public	function	Prepares the Response before it is sent to the client.		1
Response::send	public	function	Sends HTTP headers and content.
Response::sendContent	public	function	Sends content for the current web response.		3
Response::sendHeaders	public	function	Sends HTTP headers.		1
Response::setCache	public	function	Sets the response's cache headers (validation and/or expiration).
Response::setCharset	public	function	Sets the response charset.
Response::setClientTtl	public	function	Sets the response's time-to-live for private/client caches in seconds.
Response::setContent	public	function	Sets the response content.		3
Response::setContentSafe	public	function	Marks a response as safe according to RFC8674.
Response::setDate	public	function	Sets the Date header.
Response::setEtag	public	function	Sets the ETag value.
Response::setExpires	public	function	Sets the Expires HTTP header with a DateTime instance.
Response::setImmutable	public	function	Marks the response as "immutable".
Response::setLastModified	public	function	Sets the Last-Modified HTTP header with a DateTime instance.
Response::setMaxAge	public	function	Sets the number of seconds after which the response should no longer be considered fresh.
Response::setNotModified	public	function	Modifies the response so that it conforms to the rules defined for a 304 status code.
Response::setPrivate	public	function	Marks the response as "private".
Response::setProtocolVersion	public	function	Sets the HTTP protocol version (1.0 or 1.1).
Response::setPublic	public	function	Marks the response as "public".
Response::setSharedMaxAge	public	function	Sets the number of seconds after which the response should no longer be considered fresh by shared caches.
Response::setStaleIfError	public	function	Sets the number of seconds after which the response should no longer be returned by shared caches when backend is down.
Response::setStaleWhileRevalidate	public	function	Sets the number of seconds after which the response should no longer return stale content by shared caches.
Response::setStatusCode	public	function	Sets the response status code.
Response::setTtl	public	function	Sets the response's time-to-live for shared caches in seconds.
Response::setVary	public	function	Sets the Vary header.
Response::__clone	public	function	Clones the current Response instance.
Response::__toString	public	function	Returns the Response as an HTTP string.

class JsonResponse

Hierarchy

See also

File

Namespace

Members