request->getServerVariable('SERVER_PROTOCOL').' '.$status_code); }

    /**
     * Redirect to another URL and stop the script
     *
     * When the X-Requested-With request header equals "XMLHttpRequest" the
     * target is sent in an X-Ajax-Redirect header (presumably read by
     * client-side script, confirm against the front-end), otherwise in a
     * Location header.
     *
     * The URL is written into the header exactly as received: no scheme,
     * host or path check is done here. Callers that build $url from request
     * data have to restrict it to trusted destinations themselves, otherwise
     * this becomes an open redirect.
     *
     * @access public
     * @param  string   $url   Redirection URL
     */
    public function redirect($url)
    {
        $isAjax = $this->request->getServerVariable('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest';

        header(($isAjax ? 'X-Ajax-Redirect: ' : 'Location: ').$url);
        exit;
    }

    /**
     * Send a CSV response and stop the script
     *
     * The rows are handed to Csv::output(), which is defined outside this
     * listing. NOTE(review): if exported cells can hold user-supplied text,
     * check that the writer neutralises spreadsheet formula prefixes.
     *
     * @access public
     * @param  array    $data          Data to serialize in csv
     * @param  integer  $status_code   HTTP status code
     */
    public function csv(array $data, $status_code = 200)
    {
        $contentType = 'Content-Type: text/csv';

        $this->status($status_code);
        $this->nocache();
        header($contentType);

        Csv::output($data);
        exit;
    }

    /**
     * Send a Json response and stop the script
     *
     * json_encode() is called with its default options and its return value
     * is echoed unchecked, so an encoding failure produces an empty body
     * under the requested status code.
     *
     * @access public
     * @param  array    $data          Data to serialize in json
     * @param  integer  $status_code   HTTP status code
     */
    public function json(array $data, $status_code = 200)
    {
        $contentType = 'Content-Type: application/json';

        $this->status($status_code);
        $this->nocache();
        header($contentType);

        // Encoded after the headers, in the same position as the original call.
        $payload = json_encode($data);
        echo $payload;
        exit;
    }

    /**
     * Send a text response and stop the script
     *
     * @access public
     * @param  string   $data          Raw data
     * @param  integer  $status_code   HTTP status code
     */
    public function text($data, $status_code = 200)
    {
        $contentType = 'Content-Type: text/plain; charset=utf-8';

        $this->status($status_code);
        $this->nocache();
        header($contentType);

        echo $data;
        exit;
    }

    /**
     * Send a HTML response and stop the script
     *
     * $data is echoed unchanged. Any escaping of user-controlled values has
     * to happen before the markup reaches this method.
     *
     * @access public
     * @param  string   $data          Raw data
     * @param  integer  $status_code   HTTP status code
     */
    public function html($data, $status_code = 200)
    {
        $contentType = 'Content-Type: text/html; charset=utf-8';

        $this->status($status_code);
        $this->nocache();
        header($contentType);

        echo $data;
        exit;
    }

    /**
     * Send a XML response and stop the script
     *
     * $data is echoed unchanged; the caller is responsible for producing
     * well-formed, correctly escaped XML.
     *
     * @access public
     * @param  string   $data          Raw data
     * @param  integer  $status_code   HTTP status code
     */
    public function xml($data, $status_code = 200)
    {
        $contentType = 'Content-Type: text/xml; charset=utf-8';

        $this->status($status_code);
        $this->nocache();
        header($contentType);

        echo $data;
        exit;
    }

    /**
     * Send a javascript response and stop the script
     *
     * Unlike the csv/json/text/html/xml/binary senders, nocache() is not
     * called here (presumably so that script assets stay cacheable, confirm).
     *
     * @access public
     * @param  string   $data          Raw data
     * @param  integer  $status_code   HTTP status code
     */
    public function js($data, $status_code = 200)
    {
        $contentType = 'Content-Type: text/javascript; charset=utf-8';

        $this->status($status_code);
        header($contentType);

        echo $data;
        exit;
    }

    /**
     * Send a css response and stop the script
     *
     * As with js(), nocache() is not called for stylesheets.
     *
     * @access public
     * @param  string   $data          Raw data
     * @param  integer  $status_code   HTTP status code
     */
    public function css($data, $status_code = 200)
    {
        $contentType = 'Content-Type: text/css; charset=utf-8';

        $this->status($status_code);
        header($contentType);

        echo $data;
        exit;
    }

    /**
     * Send a binary response and stop the script
     *
     * The body is labelled application/octet-stream. No Content-Disposition
     * header and no X-Content-Type-Options header are set here; a caller
     * serving user-uploaded bytes should send nosniff() (and a download
     * disposition) before calling this method.
     *
     * @access public
     * @param  string   $data          Raw data
     * @param  integer  $status_code   HTTP status code
     */
    public function binary($data, $status_code = 200)
    {
        $this->status($status_code);
        $this->nocache();

        // Header order kept as in the original: transfer encoding, then type.
        header('Content-Transfer-Encoding: binary');
        header('Content-Type: application/octet-stream');

        echo $data;
        exit;
    }

    /**
     * Send the security header: Content-Security-Policy
     *
     * Every entry of $policies is emitted as "<directive> <value>; ". Only
     * the value is trimmed; neither part is validated or escaped, so a ";"
     * inside a value starts a new directive. The array is expected to come
     * from trusted configuration, not from request data.
     *
     * With an empty array, header() is still called with an empty policy
     * value, which restricts nothing.
     *
     * @access public
     * @param  array    $policies   CSP rules (directive name => source list)
     */
    public function csp(array $policies = array())
    {
        $directives = array();

        foreach ($policies as $directive => $sources) {
            $directives[] = $directive.' '.trim($sources).'; ';
        }

        header('Content-Security-Policy: '.implode('', $directives));
    }

    /**
     * Send the security header: X-Content-Type-Options
     *
     * Tells the browser not to guess a content type different from the
     * declared Content-Type.
     *
     * @access public
     */
    public function nosniff()
    {
        $headerLine = 'X-Content-Type-Options: nosniff';

        header($headerLine);
    }

    /**
     * Send the security header: X-XSS-Protection
     *
     * This header only controlled the legacy XSS filter of older browsers;
     * current browsers have removed that filter and ignore the header. It is
     * not a replacement for output escaping and a Content-Security-Policy.
     *
     * @access public
     */
    public function xss()
    {
        $headerLine = 'X-XSS-Protection: 1; mode=block';

        header($headerLine);
    }

    /**
     * Send the security header: Strict-Transport-Security (only if we use HTTPS)
     *
     * max-age is 31536000 seconds (365 days). No includeSubDomains or
     * preload directive is sent. Whether the header goes out depends on
     * $this->request->isHTTPS(); how that method detects TLS (for example
     * behind a terminating proxy) is not visible here.
     *
     * @access public
     */
    public function hsts()
    {
        if (! $this->request->isHTTPS()) {
            return;
        }

        header('Strict-Transport-Security: max-age=31536000');
    }

    /**
     * Send the security header: X-Frame-Options (deny by default)
     *
     * The value is built as "<mode> <urls joined by spaces>" with no
     * validation of either argument. ALLOW-FROM accepts a single origin and
     * is not honoured by current browsers; the CSP frame-ancestors directive
     * is the supported way to allow specific framing origins.
     *
     * @access public
     * @param  string   $mode    Frame option mode
     * @param  array    $urls    Allowed urls for the given mode
     */
    public function xframe($mode = 'DENY', array $urls = array())
    {
        $value = $mode.' '.implode(' ', $urls);

        header('X-Frame-Options: '.$value);
    }
}