HEADER_FORWARDED
HEADER_FORWARDED = 1
Request represents an HTTP request.
The methods dealing with URL accept / return a raw path (% encoded):
$attributes : \Symfony\Component\HttpFoundation\ParameterBag
Custom parameters.
$request : \Symfony\Component\HttpFoundation\ParameterBag
Request body parameters ($_POST).
$query : \Symfony\Component\HttpFoundation\ParameterBag
Query string parameters ($_GET).
$server : \Symfony\Component\HttpFoundation\ServerBag
Server and execution environment parameters ($_SERVER).
$files : \Symfony\Component\HttpFoundation\FileBag
Uploaded files ($_FILES).
$cookies : \Symfony\Component\HttpFoundation\ParameterBag
Cookies ($_COOKIE).
$headers : \Symfony\Component\HttpFoundation\HeaderBag
Headers (taken from the $_SERVER).
$session : \Symfony\Component\HttpFoundation\Session\SessionInterface
__construct(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), string|resource $content = null)
| array | $query | The GET parameters |
| array | $request | The POST parameters |
| array | $attributes | The request attributes (parameters parsed from the PATH_INFO, ...) |
| array | $cookies | The COOKIE parameters |
| array | $files | The FILES parameters |
| array | $server | The SERVER parameters |
| string|resource | $content | The raw body data |
initialize(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), string|resource $content = null)
Sets the parameters for this request.
This method also re-initializes all properties.
| array | $query | The GET parameters |
| array | $request | The POST parameters |
| array | $attributes | The request attributes (parameters parsed from the PATH_INFO, ...) |
| array | $cookies | The COOKIE parameters |
| array | $files | The FILES parameters |
| array | $server | The SERVER parameters |
| string|resource | $content | The raw body data |
create(string $uri, string $method = 'GET', array $parameters = array(), array $cookies = array(), array $files = array(), array $server = array(), string $content = null) : static
Creates a Request based on a given URI and configuration.
The information contained in the URI always take precedence over the other information (server and parameters).
| string | $uri | The URI |
| string | $method | The HTTP method |
| array | $parameters | The query (GET) or request (POST) parameters |
| array | $cookies | The request cookies ($_COOKIE) |
| array | $files | The request files ($_FILES) |
| array | $server | The server parameters ($_SERVER) |
| string | $content | The raw body data |
duplicate(array $query = null, array $request = null, array $attributes = null, array $cookies = null, array $files = null, array $server = null) : static
Clones a request and overrides some of its parameters.
| array | $query | The GET parameters |
| array | $request | The POST parameters |
| array | $attributes | The request attributes (parameters parsed from the PATH_INFO, ...) |
| array | $cookies | The COOKIE parameters |
| array | $files | The FILES parameters |
| array | $server | The SERVER parameters |
setTrustedHeaderName(string $key, string $value)
Sets the name for trusted headers.
The following header keys are supported:
Setting an empty value allows to disable the trusted header for the given key.
| string | $key | The header key |
| string | $value | The header name |
normalizeQueryString(string $qs) : string
Normalizes a query string.
It builds a normalized query string, where keys/value pairs are alphabetized, have consistent escaping and unneeded delimiters are removed.
| string | $qs | Query string |
A normalized query string for the Request
enableHttpMethodParameterOverride()
Enables support for the _method request parameter to determine the intended HTTP method.
Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability.
The HTTP method can only be overridden when the real HTTP method is POST.
get(string $key, mixed $default = null) : mixed
Gets a "parameter" value from any bag.
This method is mainly useful for libraries that want to provide some flexibility. If you don't need the flexibility in controllers, it is better to explicitly get request parameters from the appropriate public property instead (attributes, query, request).
Order of precedence: PATH (routing placeholders or custom attributes), GET, BODY
| string | $key | The key |
| mixed | $default | The default value if the parameter key does not exist |
getSession() : \Symfony\Component\HttpFoundation\Session\SessionInterface|null
Gets the Session.
The session
hasSession() : boolean
Whether the request contains a Session object.
This method does not give any information about the state of the session object, like whether the session is started or not. It is just a way to check if this Request is associated with a Session instance.
true when the Request contains a Session object, false otherwise
setSession(\Symfony\Component\HttpFoundation\Session\SessionInterface $session)
Sets the Session.
| \Symfony\Component\HttpFoundation\Session\SessionInterface | $session | The Session |
getClientIps() : array
Returns the client IP addresses.
In the returned array the most trusted IP address is first, and the least trusted one last. The "real" client IP address is the last one, but this is also the least trusted one. Trusted proxies are stripped.
Use this method carefully; you should use getClientIp() instead.
The client IP addresses
getClientIp() : string|null
Returns the client IP address.
This method can read the client IP address from the "X-Forwarded-For" header when trusted proxies were set via "setTrustedProxies()". The "X-Forwarded-For" header value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from.
If your reverse proxy uses a different header name than "X-Forwarded-For", ("Client-Ip" for instance), configure it via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
The client IP address
getPathInfo() : string
Returns the path being requested relative to the executed script.
The path info always starts with a /.
Suppose this request is instantiated from /mysite on localhost:
The raw path (i.e. not urldecoded)
getBasePath() : string
Returns the root path from which this request is executed.
Suppose that an index.php file instantiates this request object:
The raw path (i.e. not urldecoded)
getPort() : integer|string
Returns the port on which the request is made.
This method can read the client port from the "X-Forwarded-Port" header when trusted proxies were set via "setTrustedProxies()".
The "X-Forwarded-Port" header must contain the client port.
If your reverse proxy uses a different header name than "X-Forwarded-Port", configure it via via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
can be a string if fetched from the server bag
getRelativeUriForPath(string $path) : string
Returns the path as relative reference from the current Request path.
Only the URIs path component (no schema, host etc.) is relevant and must be given. Both paths must be absolute and not contain relative parts. Relative URLs from one resource to another are useful when generating self-contained downloadable document archives. Furthermore, they can be used to reduce the link size in documents.
Example target paths, given a base path of "/a/b/c/d":
| string | $path | The target path |
The relative target path
isSecure() : boolean
Checks whether the request is secure or not.
This method can read the client protocol from the "X-Forwarded-Proto" header when trusted proxies were set via "setTrustedProxies()".
The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".
If your reverse proxy uses a different header name than "X-Forwarded-Proto" ("SSL_HTTPS" for instance), configure it via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
getHost() : string
Returns the host name.
This method can read the client host name from the "X-Forwarded-Host" header when trusted proxies were set via "setTrustedProxies()".
The "X-Forwarded-Host" header must contain the client host name.
If your reverse proxy uses a different header name than "X-Forwarded-Host", configure it via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
when the host name is invalid or not trusted
getMethod() : string
Gets the request "intended" method.
If the X-HTTP-Method-Override header is set, and if the method is a POST, then it is used to determine the "real" intended HTTP method.
The _method request parameter can also be used to determine the HTTP method, but only if enableHttpMethodParameterOverride() has been called.
The method is always an uppercased string.
The request method
getRequestFormat(string $default = 'html') : string
Gets the request format.
Here is the process to determine the format:
| string | $default | The default format |
The request format
isXmlHttpRequest() : boolean
Returns true if the request is a XMLHttpRequest.
It works if your JavaScript library sets an X-Requested-With HTTP header. It is known to work with common JavaScript frameworks:
true if the request is an XMLHttpRequest, false otherwise
createRequestFromFactory(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null)
| array | $query | |
| array | $request | |
| array | $attributes | |
| array | $cookies | |
| array | $files | |
| array | $server | |
| $content |