26 changes: 26 additions & 0 deletions components/http_foundation.rst
Expand Up @@ -706,6 +706,31 @@ Session

The session information is in its own document: :doc:`/components/http_foundation/sessions`.

Safe content preference - RFC 8674
----------------------------------

`RFC 8674`_ (not yet an IETF standard) defines a way for user agents to ask for "safe"
content to a server. Symfony offers 2 methods to interact with this preference:
offers two ....


* :method:`Symfony\\Component\\HttpFoundation\\Request::preferSafeContent`;
* :method:`Symfony\\Component\\HttpFoundation\\Response::setContentSafe`;

When the user agent prefers "safe" content, you can detect it and send it a more appropriate
reponse::

if ($request->preferSafeContent()) {
$response = new Response($alternativeContent);
$response->setContentSafe(); // Inform the user we respected their preferences

return $response;
}

.. note::

The RFC 8674 does not define a precise semantic for "safe". Rather, the term is interpreted
by the server and within the scope of each web site that chooses to act upon this information.


Learn More
----------
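Review bot: the literal block introducer is misspelled ("reponse::" should be "response::"); since it is the line that opens the code sample, the typo lands in rendered prose right above the example. The same hunk has two smaller wording issues worth fixing in the same pass: "Symfony offers 2 methods" should follow the docs' convention of spelling out small numbers ("offers two methods", as already raised in the thread), and "ask for "safe" content to a server" reads better as "ask a server for "safe" content". In the code sample, the comment "Inform the user we respected their preferences" is addressed to the wrong party: the preference is expressed by the user agent, so "Inform the user agent that we respected its preference" matches the surrounding text. Finally, the note would be clearer as "RFC 8674 does not define precise semantics for "safe"; the term is interpreted by the server, within the scope of each web site that chooses to act on this information", which also drops the stray article in "The RFC 8674".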

Expand All @@ -723,3 +748,4 @@ Learn More
.. _Apache: https://tn123.org/mod_xsendfile/
.. _`JSON Hijacking`: http://haacked.com/archive/2009/06/25/json-hijacking.aspx
.. _OWASP guidelines: https://cheatsheetseries.owasp.org/cheatsheets/AJAX_Security_Cheat_Sheet.html#always-return-json-with-an-object-on-the-outside
.. _RFC 8674: https://tools.ietf.org/html/rfc8674