HEADER_FORWARDED
HEADER_FORWARDED = 1
Request represents an HTTP request.
The methods dealing with URL accept / return a raw path (% encoded):
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
$attributes : \Symfony\Component\HttpFoundation\ParameterBag
Custom parameters.
None found |
$request : \Symfony\Component\HttpFoundation\ParameterBag
Request body parameters ($_POST).
None found |
$query : \Symfony\Component\HttpFoundation\ParameterBag
Query string parameters ($_GET).
None found |
$server : \Symfony\Component\HttpFoundation\ServerBag
Server and execution environment parameters ($_SERVER).
None found |
$files : \Symfony\Component\HttpFoundation\FileBag
Uploaded files ($_FILES).
None found |
$cookies : \Symfony\Component\HttpFoundation\ParameterBag
Cookies ($_COOKIE).
None found |
$headers : \Symfony\Component\HttpFoundation\HeaderBag
Headers (taken from the $_SERVER).
None found |
None found |
None found |
None found |
$trustedHeaders :
Names for headers that can be trusted when using trusted proxies.
The FORWARDED header is the standard as of rfc7239.
The other headers are non-standard, but widely used by popular reverse proxies (like Apache mod_proxy or Amazon EC2).
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
$session : \Symfony\Component\HttpFoundation\Session\SessionInterface
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
None found |
__construct(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), string|resource|null $content = null)
array | $query | The GET parameters |
array | $request | The POST parameters |
array | $attributes | The request attributes (parameters parsed from the PATH_INFO, ...) |
array | $cookies | The COOKIE parameters |
array | $files | The FILES parameters |
array | $server | The SERVER parameters |
string|resource|null | $content | The raw body data |
None found |
initialize(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), string|resource|null $content = null)
Sets the parameters for this request.
This method also re-initializes all properties.
array | $query | The GET parameters |
array | $request | The POST parameters |
array | $attributes | The request attributes (parameters parsed from the PATH_INFO, ...) |
array | $cookies | The COOKIE parameters |
array | $files | The FILES parameters |
array | $server | The SERVER parameters |
string|resource|null | $content | The raw body data |
None found |
createFromGlobals() : static
Creates a new request with values from PHP's super globals.
None found |
create(string $uri, string $method = 'GET', array $parameters = array(), array $cookies = array(), array $files = array(), array $server = array(), string|resource|null $content = null) : static
Creates a Request based on a given URI and configuration.
The information contained in the URI always take precedence over the other information (server and parameters).
string | $uri | The URI |
string | $method | The HTTP method |
array | $parameters | The query (GET) or request (POST) parameters |
array | $cookies | The request cookies ($_COOKIE) |
array | $files | The request files ($_FILES) |
array | $server | The server parameters ($_SERVER) |
string|resource|null | $content | The raw body data |
None found |
setFactory(callable|null $callable)
Sets a callable able to create a Request instance.
This is mainly useful when you need to override the Request class to keep BC with an existing system. It should not be used for any other purpose.
callable|null | $callable | A PHP callable |
None found |
duplicate(array $query = null, array $request = null, array $attributes = null, array $cookies = null, array $files = null, array $server = null) : static
Clones a request and overrides some of its parameters.
array | $query | The GET parameters |
array | $request | The POST parameters |
array | $attributes | The request attributes (parameters parsed from the PATH_INFO, ...) |
array | $cookies | The COOKIE parameters |
array | $files | The FILES parameters |
array | $server | The SERVER parameters |
None found |
__clone()
Clones the current request.
Note that the session is not cloned as duplicated requests are most of the time sub-requests of the main one.
None found |
None found |
overrideGlobals()
Overrides the PHP global variables according to this request instance.
It overrides $_GET, $_POST, $_REQUEST, $_SERVER, $_COOKIE. $_FILES is never overridden, see rfc1867
None found |
setTrustedProxies(array $proxies)
Sets a list of trusted proxies.
You should only list the reverse proxies that you manage directly.
array | $proxies | A list of trusted proxies |
When $trustedHeaderSet is invalid
None found |
getTrustedProxies() : array
Gets the list of trusted proxies.
An array of trusted proxies
None found |
getTrustedHeaderSet() : integer
Gets the set of trusted headers from trusted proxies.
A bit field of Request::HEADER_* that defines which headers are trusted from your proxies
None found |
setTrustedHosts(array $hostPatterns)
Sets a list of trusted host patterns.
You should only list the hosts you manage using regexs.
array | $hostPatterns | A list of trusted host patterns |
None found |
getTrustedHosts() : array
Gets the list of trusted host patterns.
An array of trusted host patterns
None found |
setTrustedHeaderName(string $key, string $value)
Sets the name for trusted headers.
The following header keys are supported:
Setting an empty value allows to disable the trusted header for the given key.
string | $key | The header key |
string | $value | The header name |
None found |
getTrustedHeaderName(string $key) : string
Gets the trusted proxy header name.
string | $key | The header key |
The header name
None found |
normalizeQueryString(string $qs) : string
Normalizes a query string.
It builds a normalized query string, where keys/value pairs are alphabetized, have consistent escaping and unneeded delimiters are removed.
string | $qs | Query string |
A normalized query string for the Request
None found |
enableHttpMethodParameterOverride()
Enables support for the _method request parameter to determine the intended HTTP method.
Be warned that enabling this feature might lead to CSRF issues in your code. Check that you are using CSRF tokens when required. If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered and used to send a "PUT" or "DELETE" request via the _method request parameter. If these methods are not protected against CSRF, this presents a possible vulnerability.
The HTTP method can only be overridden when the real HTTP method is POST.
None found |
getHttpMethodParameterOverride() : boolean
Checks whether support for the _method request parameter is enabled.
True when the _method request parameter is enabled, false otherwise
None found |
get(string $key, mixed $default = null) : mixed
Gets a "parameter" value from any bag.
This method is mainly useful for libraries that want to provide some flexibility. If you don't need the flexibility in controllers, it is better to explicitly get request parameters from the appropriate public property instead (attributes, query, request).
Order of precedence: PATH (routing placeholders or custom attributes), GET, BODY
string | $key | The key |
mixed | $default | The default value if the parameter key does not exist |
None found |
getSession() : \Symfony\Component\HttpFoundation\Session\SessionInterface|null
Gets the Session.
The session
None found |
hasPreviousSession() : boolean
Whether the request contains a Session which was started in one of the previous requests.
None found |
hasSession() : boolean
Whether the request contains a Session object.
This method does not give any information about the state of the session object, like whether the session is started or not. It is just a way to check if this Request is associated with a Session instance.
true when the Request contains a Session object, false otherwise
None found |
setSession(\Symfony\Component\HttpFoundation\Session\SessionInterface $session)
Sets the Session.
\Symfony\Component\HttpFoundation\Session\SessionInterface | $session | The Session |
None found |
getClientIps() : array
Returns the client IP addresses.
In the returned array the most trusted IP address is first, and the least trusted one last. The "real" client IP address is the last one, but this is also the least trusted one. Trusted proxies are stripped.
Use this method carefully; you should use getClientIp() instead.
The client IP addresses
None found |
getClientIp() : string|null
Returns the client IP address.
This method can read the client IP address from the "X-Forwarded-For" header when trusted proxies were set via "setTrustedProxies()". The "X-Forwarded-For" header value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from.
If your reverse proxy uses a different header name than "X-Forwarded-For", ("Client-Ip" for instance), configure it via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
The client IP address
None found |
None found |
getPathInfo() : string
Returns the path being requested relative to the executed script.
The path info always starts with a /.
Suppose this request is instantiated from /mysite on localhost:
The raw path (i.e. not urldecoded)
None found |
getBasePath() : string
Returns the root path from which this request is executed.
Suppose that an index.php file instantiates this request object:
The raw path (i.e. not urldecoded)
None found |
getBaseUrl() : string
Returns the root URL from which this request is executed.
The base URL never ends with a /.
This is similar to getBasePath(), except that it also includes the script filename (e.g. index.php) if one exists.
The raw URL (i.e. not urldecoded)
None found |
None found |
getPort() : integer|string
Returns the port on which the request is made.
This method can read the client port from the "X-Forwarded-Port" header when trusted proxies were set via "setTrustedProxies()".
The "X-Forwarded-Port" header must contain the client port.
If your reverse proxy uses a different header name than "X-Forwarded-Port", configure it via via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
can be a string if fetched from the server bag
None found |
None found |
None found |
getUserInfo() : string
Gets the user info.
A user name and, optionally, scheme-specific information about how to gain authorization to access the server
None found |
getHttpHost() : string
Returns the HTTP host being requested.
The port name will be appended to the host if it's non-standard.
None found |
getRequestUri() : string
Returns the requested URI (path and query string).
The raw URI (i.e. not URI decoded)
None found |
getSchemeAndHttpHost() : string
Gets the scheme and HTTP host.
If the URL was called with basic authentication, the user and the password are not added to the generated string.
The scheme and HTTP host
None found |
getUri() : string
Generates a normalized URI (URL) for the Request.
A normalized URI (URL) for the Request
None found |
getUriForPath(string $path) : string
Generates a normalized URI for the given path.
string | $path | A path to use instead of the current one |
The normalized URI for the path
None found |
getRelativeUriForPath(string $path) : string
Returns the path as relative reference from the current Request path.
Only the URIs path component (no schema, host etc.) is relevant and must be given. Both paths must be absolute and not contain relative parts. Relative URLs from one resource to another are useful when generating self-contained downloadable document archives. Furthermore, they can be used to reduce the link size in documents.
Example target paths, given a base path of "/a/b/c/d":
string | $path | The target path |
The relative target path
None found |
getQueryString() : string|null
Generates the normalized query string for the Request.
It builds a normalized query string, where keys/value pairs are alphabetized and have consistent escaping.
A normalized query string for the Request
None found |
isSecure() : boolean
Checks whether the request is secure or not.
This method can read the client protocol from the "X-Forwarded-Proto" header when trusted proxies were set via "setTrustedProxies()".
The "X-Forwarded-Proto" header must contain the protocol: "https" or "http".
If your reverse proxy uses a different header name than "X-Forwarded-Proto" ("SSL_HTTPS" for instance), configure it via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
None found |
getHost() : string
Returns the host name.
This method can read the client host name from the "X-Forwarded-Host" header when trusted proxies were set via "setTrustedProxies()".
The "X-Forwarded-Host" header must contain the client host name.
If your reverse proxy uses a different header name than "X-Forwarded-Host", configure it via the $trustedHeaderSet argument of the Request::setTrustedProxies() method instead.
when the host name is invalid or not trusted
None found |
None found |
getMethod() : string
Gets the request "intended" method.
If the X-HTTP-Method-Override header is set, and if the method is a POST, then it is used to determine the "real" intended HTTP method.
The _method request parameter can also be used to determine the HTTP method, but only if enableHttpMethodParameterOverride() has been called.
The method is always an uppercased string.
The request method
None found |
getRealMethod() : string
Gets the "real" request method.
The request method
None found |
getMimeType(string $format) : string|null
Gets the mime type associated with the format.
string | $format | The format |
The associated mime type (null if not found)
None found |
getMimeTypes(string $format) : array
Gets the mime types associated with the format.
string | $format | The format |
The associated mime types
None found |
getFormat(string $mimeType) : string|null
Gets the format associated with the mime type.
string | $mimeType | The associated mime type |
The format (null if not found)
None found |
setFormat(string $format, string|array $mimeTypes)
Associates a format with mime types.
string | $format | The format |
string|array | $mimeTypes | The associated mime types (the preferred one must be the first as it will be used as the content type) |
None found |
getRequestFormat(string $default = 'html') : string
Gets the request format.
Here is the process to determine the format:
string | $default | The default format |
The request format
None found |
setRequestFormat(string $format)
Sets the request format.
string | $format | The request format |
None found |
getContentType() : string|null
Gets the format associated with the request.
The format (null if no content type is present)
None found |
setDefaultLocale(string $locale)
Sets the default locale.
string | $locale |
None found |
None found |
None found |
None found |
isMethod(string $method) : boolean
Checks if the request method is of specified type.
string | $method | Uppercase request method (GET, POST etc) |
None found |
None found |
isMethodIdempotent() : boolean
Checks whether or not the method is idempotent.
None found |
isMethodCacheable() : boolean
Checks whether the method is cacheable or not.
None found |
getProtocolVersion() : string
Returns the protocol version.
If the application is behind a proxy, the protocol version used in the requests between the client and the proxy and between the proxy and the server might be different. This returns the former (from the "Via" header) if the proxy is trusted (see "setTrustedProxies()"), otherwise it returns the latter (from the "SERVER_PROTOCOL" server parameter).
None found |
getContent(boolean $asResource = false) : string|resource
Returns the request body content.
boolean | $asResource | If true, a resource will be returned |
The request body content or a resource to read the body stream
None found |
None found |
None found |
getPreferredLanguage(array $locales = null) : string|null
Returns the preferred language.
array | $locales | An array of ordered available locales |
The preferred locale
None found |
getLanguages() : array
Gets a list of languages acceptable by the client browser.
Languages ordered in the user browser preferences
None found |
getCharsets() : array
Gets a list of charsets acceptable by the client browser.
List of charsets in preferable order
None found |
getEncodings() : array
Gets a list of encodings acceptable by the client browser.
List of encodings in preferable order
None found |
getAcceptableContentTypes() : array
Gets a list of content types acceptable by the client browser.
List of content types in preferable order
None found |
isXmlHttpRequest() : boolean
Returns true if the request is a XMLHttpRequest.
It works if your JavaScript library sets an X-Requested-With HTTP header. It is known to work with common JavaScript frameworks:
true if the request is an XMLHttpRequest, false otherwise
None found |
isFromTrustedProxy() : boolean
Indicates whether this request originated from a trusted proxy.
This can be useful to determine whether or not to trust the contents of a proxy-specific header.
true if the request came from a trusted proxy, false otherwise
None found |
None found |
None found |
None found |
None found |
None found |
setPhpDefaultLocale(string $locale)
Sets the default PHP locale.
string | $locale |
None found |
None found |
createRequestFromFactory(array $query = array(), array $request = array(), array $attributes = array(), array $cookies = array(), array $files = array(), array $server = array(), $content = null)
array | $query | |
array | $request | |
array | $attributes | |
array | $cookies | |
array | $files | |
array | $server | |
$content |
None found |
None found |
normalizeAndFilterClientIps(array $clientIps, $ip)
array | $clientIps | |
$ip |
None found |