New in Symfony 5.1: The "safe" HTTP Preference
March 11, 2020 • Published by Javier Eguiluz
Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.
Contributed by Loïck Piera in #34847.
Some web sites have a "safe" mode to assist those who don't want to be exposed to content to which they might object. Instead of configuring this option for each web site, your browser can indicate your safe preference to all web sites.
This feature is fully explained in the RFC 8674 document. Broadly speaking, browsers requesting safe content add the Prefer: safe HTTP header and servers honoring it include these headers in their responses: Preference-Applied: safe and Vary: Prefer.
In Symfony 5.1, we added support for this feature in the HttpFoundation component. First, you can check if a user requested safe content:
// $request is an instance of Symfony\Component\HttpFoundation\Request
if ($request->preferSafeContent()) {
    // ...
}
If you fulfilled the safe request, use the setContentSafe() method on the response to add the needed HTTP headers:
use Symfony\Component\HttpFoundation\Response;

$response = new Response('...');
// adds the Preference-Applied: safe and Vary: Prefer headers
$response->setContentSafe();
An important thing to keep in mind is that the RFC 8674 specification doesn't define what can be considered as "safe content". Each web site decides which of their contents are objectionable or unsafe in some way.
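The two methods combined in one handler, as an added example that is not code from the original post or from the Symfony project. It goes slightly beyond the post by also setting Vary: Prefer on the unfiltered response, so a shared cache cannot serve that variant to a client that asked for safe content. The handler name, URLs and sample content are hypothetical, and it assumes symfony/http-foundation 5.1 or later installed through Composer.

```php
<?php
// Added example, not code from the Symfony post or project.
// Assumes: composer require symfony/http-foundation (5.1 or later).
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

// Constructed content: one resource with an unfiltered and a filtered variant.
const VARIANTS = [
    'full' => 'Full article, including the section some readers object to.',
    'safe' => 'Filtered article, objectionable section removed.',
];

// Hypothetical handler: picks the variant and sets cache-related headers.
function renderArticle(Request $request): Response
{
    $safe = $request->preferSafeContent();
    $response = new Response(VARIANTS[$safe ? 'safe' : 'full']);
    $response->setPublic();
    $response->setMaxAge(600);

    if ($safe) {
        // Adds "Preference-Applied: safe" and appends "Prefer" to Vary.
        $response->setContentSafe();
    } else {
        // The unfiltered variant was also selected by looking at Prefer, so it
        // needs the same Vary entry; without it a shared cache may replay this
        // body to a later client that sent "Prefer: safe".
        $response->setVary('Prefer', false);
    }

    return $response;
}

// Constructed requests. HttpFoundation ignores the preference on plain HTTP,
// so the third request gets the unfiltered variant.
$prefer = ['HTTP_PREFER' => 'safe'];
$cases = [
    'https + Prefer: safe' => Request::create('https://example.com/a', 'GET', [], [], [], $prefer),
    'https, no preference' => Request::create('https://example.com/a'),
    'http + Prefer: safe'  => Request::create('http://example.com/a', 'GET', [], [], [], $prefer),
];

foreach ($cases as $label => $request) {
    $r = renderArticle($request);
    printf("%-21s applied=%-4s vary=%s\n", $label,
        $r->headers->get('Preference-Applied', '-'), implode(',', $r->getVary()));
}
```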