summaryrefslogtreecommitdiff
path: root/app/Core/Http/Response.php
diff options
context:
space:
mode:
authorFrederic Guillot <fred@kanboard.net>2015-10-25 18:11:49 -0400
committerFrederic Guillot <fred@kanboard.net>2015-10-25 18:11:49 -0400
commita2ebc6c3b2ec3e420a03e36faf00c6e3bf3f25e7 (patch)
tree55bbe24de52dc14591033cb3f9265acfa74cdbb8 /app/Core/Http/Response.php
parent6756ef2301a5f624941b947ec9effd34b467de9a (diff)
Move some classes to namespace Core\Http
Diffstat (limited to 'app/Core/Http/Response.php')
-rw-r--r--app/Core/Http/Response.php273
1 files changed, 273 insertions, 0 deletions
diff --git a/app/Core/Http/Response.php b/app/Core/Http/Response.php
new file mode 100644
index 00000000..a793e58b
--- /dev/null
+++ b/app/Core/Http/Response.php
@@ -0,0 +1,273 @@
+<?php
+
+namespace Kanboard\Core\Http;
+
+use Kanboard\Core\Base;
+
+/**
+ * Response class
+ *
+ * @package http
+ * @author Frederic Guillot
+ */
+class Response extends Base
+{
+ /**
+ * Send no cache headers
+ *
+ * @access public
+ */
+ public function nocache()
+ {
+ header('Pragma: no-cache');
+ header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
+
+ // Use no-store due to a Chrome bug: https://code.google.com/p/chromium/issues/detail?id=28035
+ header('Cache-Control: no-store, must-revalidate');
+ }
+
+ /**
+ * Send a custom Content-Type header
+ *
+ * @access public
+ * @param string $mimetype Mime-type
+ */
+ public function contentType($mimetype)
+ {
+ header('Content-Type: '.$mimetype);
+ }
+
+ /**
+ * Force the browser to download an attachment
+ *
+ * @access public
+ * @param string $filename File name
+ */
+ public function forceDownload($filename)
+ {
+ header('Content-Disposition: attachment; filename="'.$filename.'"');
+ }
+
+ /**
+ * Send a custom HTTP status code
+ *
+ * @access public
+ * @param integer $status_code HTTP status code
+ */
+ public function status($status_code)
+ {
+ header('Status: '.$status_code);
+ header($_SERVER['SERVER_PROTOCOL'].' '.$status_code);
+ }
+
+ /**
+ * Redirect to another URL
+ *
+ * @access public
+ * @param string $url Redirection URL
+ */
+ public function redirect($url)
+ {
+ if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest') {
+ header('X-Ajax-Redirect: '.$url);
+ } else {
+ header('Location: '.$url);
+ }
+
+ exit;
+ }
+
+ /**
+ * Send a CSV response
+ *
+ * @access public
+ * @param array $data Data to serialize in csv
+ * @param integer $status_code HTTP status code
+ */
+ public function csv(array $data, $status_code = 200)
+ {
+ $this->status($status_code);
+ $this->nocache();
+
+ header('Content-Type: text/csv');
+ Csv::output($data);
+ exit;
+ }
+
+ /**
+ * Send a Json response
+ *
+ * @access public
+ * @param array $data Data to serialize in json
+ * @param integer $status_code HTTP status code
+ */
+ public function json(array $data, $status_code = 200)
+ {
+ $this->status($status_code);
+ $this->nocache();
+ header('Content-Type: application/json');
+ echo json_encode($data);
+ exit;
+ }
+
+ /**
+ * Send a text response
+ *
+ * @access public
+ * @param string $data Raw data
+ * @param integer $status_code HTTP status code
+ */
+ public function text($data, $status_code = 200)
+ {
+ $this->status($status_code);
+ $this->nocache();
+ header('Content-Type: text/plain; charset=utf-8');
+ echo $data;
+ exit;
+ }
+
+ /**
+ * Send a HTML response
+ *
+ * @access public
+ * @param string $data Raw data
+ * @param integer $status_code HTTP status code
+ */
+ public function html($data, $status_code = 200)
+ {
+ $this->status($status_code);
+ $this->nocache();
+ header('Content-Type: text/html; charset=utf-8');
+ echo $data;
+ exit;
+ }
+
+ /**
+ * Send a XML response
+ *
+ * @access public
+ * @param string $data Raw data
+ * @param integer $status_code HTTP status code
+ */
+ public function xml($data, $status_code = 200)
+ {
+ $this->status($status_code);
+ $this->nocache();
+ header('Content-Type: text/xml; charset=utf-8');
+ echo $data;
+ exit;
+ }
+
+ /**
+ * Send a javascript response
+ *
+ * @access public
+ * @param string $data Raw data
+ * @param integer $status_code HTTP status code
+ */
+ public function js($data, $status_code = 200)
+ {
+ $this->status($status_code);
+
+ header('Content-Type: text/javascript; charset=utf-8');
+ echo $data;
+
+ exit;
+ }
+
+ /**
+ * Send a css response
+ *
+ * @access public
+ * @param string $data Raw data
+ * @param integer $status_code HTTP status code
+ */
+ public function css($data, $status_code = 200)
+ {
+ $this->status($status_code);
+
+ header('Content-Type: text/css; charset=utf-8');
+ echo $data;
+
+ exit;
+ }
+
+ /**
+ * Send a binary response
+ *
+ * @access public
+ * @param string $data Raw data
+ * @param integer $status_code HTTP status code
+ */
+ public function binary($data, $status_code = 200)
+ {
+ $this->status($status_code);
+ $this->nocache();
+ header('Content-Transfer-Encoding: binary');
+ header('Content-Type: application/octet-stream');
+ echo $data;
+ exit;
+ }
+
+ /**
+ * Send the security header: Content-Security-Policy
+ *
+ * @access public
+ * @param array $policies CSP rules
+ */
+ public function csp(array $policies = array())
+ {
+ $policies['default-src'] = "'self'";
+ $values = '';
+
+ foreach ($policies as $policy => $acl) {
+ $values .= $policy.' '.trim($acl).'; ';
+ }
+
+ header('Content-Security-Policy: '.$values);
+ }
+
+ /**
+ * Send the security header: X-Content-Type-Options
+ *
+ * @access public
+ */
+ public function nosniff()
+ {
+ header('X-Content-Type-Options: nosniff');
+ }
+
+ /**
+ * Send the security header: X-XSS-Protection
+ *
+ * @access public
+ */
+ public function xss()
+ {
+ header('X-XSS-Protection: 1; mode=block');
+ }
+
+ /**
+ * Send the security header: Strict-Transport-Security (only if we use HTTPS)
+ *
+ * @access public
+ */
+ public function hsts()
+ {
+ if (Request::isHTTPS()) {
+ header('Strict-Transport-Security: max-age=31536000');
+ }
+ }
+
+ /**
+ * Send the security header: X-Frame-Options (deny by default)
+ *
+ * @access public
+ * @param string $mode Frame option mode
+ * @param array $urls Allowed urls for the given mode
+ */
+ public function xframe($mode = 'DENY', array $urls = array())
+ {
+ header('X-Frame-Options: '.$mode.' '.implode(' ', $urls));
+ }
+}