Class yii\web\Request
Inheritance | yii\web\Request » yii\base\Request » yii\base\Component » yii\base\BaseObject |
---|---|
Implements | yii\base\Configurable |
Available since version | 2.0 |
Source Code | https://github.com/yiisoft/yii2/blob/master/framework/web/Request.php |
The web Request class represents an HTTP request.
It encapsulates the $_SERVER variable and resolves its inconsistency among different Web servers. Also it provides an interface to retrieve request parameters from $_POST, $_GET, $_COOKIES and REST parameters sent via other HTTP methods like PUT or DELETE.
Request is configured as an application component in yii\web\Application by default.
You can access that instance via Yii::$app->request
.
For more details and usage information on Request, see the guide article on requests.
Public Properties
Property | Type | Description | Defined By |
---|---|---|---|
$absoluteUrl | string | The currently requested absolute URL. This property is read-only. | yii\web\Request |
$acceptableContentTypes | array | The content types ordered by the quality score. Types with the highest scores will be returned first. The array keys are the content types, while the array values are the corresponding quality score and other parameters as given in the header. | yii\web\Request |
$acceptableLanguages | array | The languages ordered by the preference level. The first element represents the most preferred language. | yii\web\Request |
$authCredentials | array | That contains exactly two elements: - 0: the username sent via HTTP
authentication, null if the username is not given - 1: the password sent via HTTP authentication, null if
the password is not given. This property is read-only. |
yii\web\Request |
$authPassword | string|null | The password sent via HTTP authentication, null if the password
is not given. This property is read-only. |
yii\web\Request |
$authUser | string|null | The username sent via HTTP authentication, null if the username is
not given. This property is read-only. |
yii\web\Request |
$baseUrl | string | The relative URL for the application (usually with a leading slash). | yii\web\Request |
$behaviors | yii\base\Behavior[] | List of behaviors attached to this component. This property is read-only. | yii\base\Component |
$bodyParams | array | The request parameters given in the request body. | yii\web\Request |
$contentType | string | Request content-type. Null is returned if this information is not available. This property is read-only. | yii\web\Request |
$cookieValidationKey | string | A secret key used for cookie validation. | yii\web\Request |
$cookies | yii\web\CookieCollection | The cookie collection. This property is read-only. | yii\web\Request |
$csrfCookie | array | The configuration for creating the CSRF cookie. | yii\web\Request |
$csrfParam | string | The name of the token used to prevent CSRF. | yii\web\Request |
$csrfToken | string | The token used to perform CSRF validation. This property is read-only. | yii\web\Request |
$csrfTokenFromHeader | string | The CSRF token sent via CSRF_HEADER by browser. Null is returned if no such header is sent. This property is read-only. | yii\web\Request |
$eTags | array | The entity tags. This property is read-only. | yii\web\Request |
$enableCookieValidation | boolean | Whether cookies should be validated to ensure they are not tampered. | yii\web\Request |
$enableCsrfCookie | boolean | Whether to use cookie to persist CSRF token. | yii\web\Request |
$enableCsrfValidation | boolean | Whether to enable CSRF (Cross-Site Request Forgery) validation. | yii\web\Request |
$headers | yii\web\HeaderCollection | The header collection. This property is read-only. | yii\web\Request |
$hostInfo | string|null | Schema and hostname part (with port number if needed) of the request URL
(e.g. http://www.yiiframework.com ), null if can't be obtained from $_SERVER and wasn't set. See
getHostInfo() for security related notes on this property. |
yii\web\Request |
$hostName | string|null | Hostname part of the request URL (e.g. www.yiiframework.com ). This
property is read-only. |
yii\web\Request |
$ipHeaders | string[] | List of headers where proxies store the real client IP. | yii\web\Request |
$isAjax | boolean | Whether this is an AJAX (XMLHttpRequest) request. This property is read-only. | yii\web\Request |
$isConsoleRequest | boolean | The value indicating whether the current request is made via console | yii\base\Request |
$isDelete | boolean | Whether this is a DELETE request. This property is read-only. | yii\web\Request |
$isFlash | boolean | Whether this is an Adobe Flash or Adobe Flex request. This property is read-only. | yii\web\Request |
$isGet | boolean | Whether this is a GET request. This property is read-only. | yii\web\Request |
$isHead | boolean | Whether this is a HEAD request. This property is read-only. | yii\web\Request |
$isOptions | boolean | Whether this is a OPTIONS request. This property is read-only. | yii\web\Request |
$isPatch | boolean | Whether this is a PATCH request. This property is read-only. | yii\web\Request |
$isPjax | boolean | Whether this is a PJAX request. This property is read-only. | yii\web\Request |
$isPost | boolean | Whether this is a POST request. This property is read-only. | yii\web\Request |
$isPut | boolean | Whether this is a PUT request. This property is read-only. | yii\web\Request |
$isSecureConnection | boolean | If the request is sent via secure channel (https). This property is read-only. | yii\web\Request |
$method | string | Request method, such as GET, POST, HEAD, PUT, PATCH, DELETE. The value returned is turned into upper case. This property is read-only. | yii\web\Request |
$methodParam | string | The name of the POST parameter that is used to indicate if a request is a PUT, PATCH or DELETE request tunneled through POST. | yii\web\Request |
$origin | string|null | URL origin of a CORS request, null if not available. This property is
read-only. |
yii\web\Request |
$parsers | array | The parsers for converting the raw HTTP request body into $bodyParams. | yii\web\Request |
$pathInfo | string | Part of the request URL that is after the entry script and before the question mark. Note, the returned path info is already URL-decoded. | yii\web\Request |
$port | integer | Port number for insecure requests. | yii\web\Request |
$preferredLanguage | string | The language that the application should use. | yii\web\Request |
$queryParams | array | The request GET parameter values. | yii\web\Request |
$queryString | string | Part of the request URL that is after the question mark. This property is read-only. | yii\web\Request |
$rawBody | string | The request body. | yii\web\Request |
$referrer | string|null | URL referrer, null if not available. This property is read-only. | yii\web\Request |
$remoteHost | string|null | Remote host name, null if not available. This property is
read-only. |
yii\web\Request |
$remoteIP | string|null | Remote IP address, null if not available. This property is
read-only. |
yii\web\Request |
$scriptFile | string | The entry script file path. | yii\web\Request |
$scriptUrl | string | The relative URL of the entry script. | yii\web\Request |
$secureHeaders | array | Lists of headers that are, by default, subject to the trusted host configuration. | yii\web\Request |
$securePort | integer | Port number for secure requests. | yii\web\Request |
$secureProtocolHeaders | array | List of headers to check for determining whether the connection is made via HTTPS. | yii\web\Request |
$serverName | string | Server name, null if not available. This property is read-only. | yii\web\Request |
$serverPort | integer|null | Server port number, null if not available. This property is read-only. | yii\web\Request |
$trustedHosts | array | The configuration for trusted security related headers. | yii\web\Request |
$url | string | The currently requested relative URL. Note that the URI returned may be URL-encoded depending on the client. | yii\web\Request |
$userAgent | string|null | User agent, null if not available. This property is read-only. | yii\web\Request |
$userHost | string|null | User host name, null if not available. This property is read-only. | yii\web\Request |
$userIP | string|null | User IP address, null if not available. This property is read-only. | yii\web\Request |
Public Methods
Method | Description | Defined By |
---|---|---|
__call() | Calls the named method which is not a class method. | yii\base\BaseObject |
__clone() | This method is called after the object is created by cloning an existing one. | yii\base\Component |
__construct() | Constructor. | yii\base\BaseObject |
__get() | Returns the value of an object property. | yii\base\BaseObject |
__isset() | Checks if a property is set, i.e. defined and not null. | yii\base\BaseObject |
__set() | Sets value of an object property. | yii\base\BaseObject |
__unset() | Sets an object property to null. | yii\base\BaseObject |
attachBehavior() | Attaches a behavior to this component. | yii\base\Component |
attachBehaviors() | Attaches a list of behaviors to the component. | yii\base\Component |
behaviors() | Returns a list of behaviors that this component should behave as. | yii\base\Component |
canGetProperty() | Returns a value indicating whether a property can be read. | yii\base\BaseObject |
canSetProperty() | Returns a value indicating whether a property can be set. | yii\base\BaseObject |
className() | Returns the fully qualified name of this class. | yii\base\BaseObject |
detachBehavior() | Detaches a behavior from the component. | yii\base\Component |
detachBehaviors() | Detaches all behaviors from the component. | yii\base\Component |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. | yii\base\Component |
get() | Returns GET parameter with a given name. If name isn't specified, returns an array of all GET parameters. | yii\web\Request |
getAbsoluteUrl() | Returns the currently requested absolute URL. | yii\web\Request |
getAcceptableContentTypes() | Returns the content types acceptable by the end user. | yii\web\Request |
getAcceptableLanguages() | Returns the languages acceptable by the end user. | yii\web\Request |
getAuthCredentials() | yii\web\Request | |
getAuthPassword() | yii\web\Request | |
getAuthUser() | yii\web\Request | |
getBaseUrl() | Returns the relative URL for the application. | yii\web\Request |
getBehavior() | Returns the named behavior object. | yii\base\Component |
getBehaviors() | Returns all behaviors attached to this component. | yii\base\Component |
getBodyParam() | Returns the named request body parameter value. | yii\web\Request |
getBodyParams() | Returns the request parameters given in the request body. | yii\web\Request |
getContentType() | Returns request content-type The Content-Type header field indicates the MIME type of the data contained in getRawBody() or, in the case of the HEAD method, the media type that would have been sent had the request been a GET. | yii\web\Request |
getCookies() | Returns the cookie collection. | yii\web\Request |
getCsrfToken() | Returns the token used to perform CSRF validation. | yii\web\Request |
getCsrfTokenFromHeader() | yii\web\Request | |
getETags() | Gets the Etags. | yii\web\Request |
getHeaders() | Returns the header collection. | yii\web\Request |
getHostInfo() | Returns the schema and host part of the current request URL. | yii\web\Request |
getHostName() | Returns the host part of the current request URL. | yii\web\Request |
getIsAjax() | Returns whether this is an AJAX (XMLHttpRequest) request. | yii\web\Request |
getIsConsoleRequest() | Returns a value indicating whether the current request is made via command line. | yii\base\Request |
getIsDelete() | Returns whether this is a DELETE request. | yii\web\Request |
getIsFlash() | Returns whether this is an Adobe Flash or Flex request. | yii\web\Request |
getIsGet() | Returns whether this is a GET request. | yii\web\Request |
getIsHead() | Returns whether this is a HEAD request. | yii\web\Request |
getIsOptions() | Returns whether this is an OPTIONS request. | yii\web\Request |
getIsPatch() | Returns whether this is a PATCH request. | yii\web\Request |
getIsPjax() | Returns whether this is a PJAX request. | yii\web\Request |
getIsPost() | Returns whether this is a POST request. | yii\web\Request |
getIsPut() | Returns whether this is a PUT request. | yii\web\Request |
getIsSecureConnection() | Return if the request is sent via secure channel (https). | yii\web\Request |
getMethod() | Returns the method of the current request (e.g. GET, POST, HEAD, PUT, PATCH, DELETE). | yii\web\Request |
getOrigin() | Returns the URL origin of a CORS request. | yii\web\Request |
getPathInfo() | Returns the path info of the currently requested URL. | yii\web\Request |
getPort() | Returns the port to use for insecure requests. | yii\web\Request |
getPreferredLanguage() | Returns the user-preferred language that should be used by this application. | yii\web\Request |
getQueryParam() | Returns the named GET parameter value. | yii\web\Request |
getQueryParams() | Returns the request parameters given in the $queryString. | yii\web\Request |
getQueryString() | Returns part of the request URL that is after the question mark. | yii\web\Request |
getRawBody() | Returns the raw HTTP request body. | yii\web\Request |
getReferrer() | Returns the URL referrer. | yii\web\Request |
getRemoteHost() | Returns the host name of the other end of this connection. | yii\web\Request |
getRemoteIP() | Returns the IP on the other end of this connection. | yii\web\Request |
getScriptFile() | Returns the entry script file path. | yii\web\Request |
getScriptUrl() | Returns the relative URL of the entry script. | yii\web\Request |
getSecurePort() | Returns the port to use for secure requests. | yii\web\Request |
getServerName() | Returns the server name. | yii\web\Request |
getServerPort() | Returns the server port number. | yii\web\Request |
getUrl() | Returns the currently requested relative URL. | yii\web\Request |
getUserAgent() | Returns the user agent. | yii\web\Request |
getUserHost() | Returns the user host name. | yii\web\Request |
getUserIP() | Returns the user IP address. | yii\web\Request |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. | yii\base\Component |
hasMethod() | Returns a value indicating whether a method is defined. | yii\base\BaseObject |
hasProperty() | Returns a value indicating whether a property is defined. | yii\base\BaseObject |
init() | Initializes the object. | yii\base\BaseObject |
off() | Detaches an existing event handler from this component. | yii\base\Component |
on() | Attaches an event handler to an event. | yii\base\Component |
parseAcceptHeader() | Parses the given Accept (or Accept-Language ) header. |
yii\web\Request |
post() | Returns POST parameter with a given name. If name isn't specified, returns an array of all POST parameters. | yii\web\Request |
resolve() | Resolves the current request into a route and the associated parameters. | yii\web\Request |
setAcceptableContentTypes() | Sets the acceptable content types. | yii\web\Request |
setAcceptableLanguages() | yii\web\Request | |
setBaseUrl() | Sets the relative URL for the application. | yii\web\Request |
setBodyParams() | Sets the request body parameters. | yii\web\Request |
setHostInfo() | Sets the schema and host part of the application URL. | yii\web\Request |
setIsConsoleRequest() | Sets the value indicating whether the current request is made via command line. | yii\base\Request |
setPathInfo() | Sets the path info of the current request. | yii\web\Request |
setPort() | Sets the port to use for insecure requests. | yii\web\Request |
setQueryParams() | Sets the request $queryString parameters. | yii\web\Request |
setRawBody() | Sets the raw HTTP request body, this method is mainly used by test scripts to simulate raw HTTP requests. | yii\web\Request |
setScriptFile() | Sets the entry script file path. | yii\web\Request |
setScriptUrl() | Sets the relative URL for the application entry script. | yii\web\Request |
setSecurePort() | Sets the port to use for secure requests. | yii\web\Request |
setUrl() | Sets the currently requested relative URL. | yii\web\Request |
trigger() | Triggers an event. | yii\base\Component |
validateCsrfToken() | Performs the CSRF validation. | yii\web\Request |
Protected Methods
Method | Description | Defined By |
---|---|---|
createCsrfCookie() | Creates a cookie with a randomly generated CSRF token. | yii\web\Request |
filterHeaders() | Filters headers according to the $trustedHosts. | yii\web\Request |
generateCsrfToken() | Generates an unmasked random token used to perform CSRF validation. | yii\web\Request |
getIpValidator() | Creates instance of yii\validators\IpValidator. | yii\web\Request |
getSecureForwardedHeaderParts() | Returns decoded forwarded header | yii\web\Request |
getSecureForwardedHeaderTrustedPart() | Gets first Forwarded header value for token |
yii\web\Request |
getSecureForwardedHeaderTrustedParts() | Gets only trusted Forwarded header parts |
yii\web\Request |
getTrustedHeaders() | Trusted headers according to the $trustedHosts. | yii\web\Request |
getUserIpFromIpHeader() | Return user IP's from IP header. | yii\web\Request |
getUserIpFromIpHeaders() | Returns the user IP address from $ipHeaders. | yii\web\Request |
loadCookies() | Converts $_COOKIE into an array of yii\web\Cookie. |
yii\web\Request |
loadCsrfToken() | Loads the CSRF token from cookie or session. | yii\web\Request |
resolvePathInfo() | Resolves the path info part of the currently requested URL. | yii\web\Request |
resolveRequestUri() | Resolves the request URI portion for the currently requested URL. | yii\web\Request |
Constants
Constant | Value | Description | Defined By |
---|---|---|---|
CSRF_HEADER | 'X-CSRF-Token' | The name of the HTTP header for sending CSRF token. | yii\web\Request |
CSRF_MASK_LENGTH | 8 | The length of the CSRF token mask. Deprecated since 2.0.12. The mask length is now equal to the token length. | yii\web\Request |
Property Details
The currently requested absolute URL. This property is read-only.
The content types ordered by the quality score. Types with the highest scores will be returned first. The array keys are the content types, while the array values are the corresponding quality score and other parameters as given in the header.
The languages ordered by the preference level. The first element represents the most preferred language.
That contains exactly two elements: - 0: the username sent via HTTP
authentication, null
if the username is not given - 1: the password sent via HTTP authentication, null
if
the password is not given. This property is read-only.
The password sent via HTTP authentication, null
if the password
is not given. This property is read-only.
The username sent via HTTP authentication, null
if the username is
not given. This property is read-only.
The relative URL for the application (usually with a leading slash).
The request parameters given in the request body.
Request content-type. Null is returned if this information is not available. This property is read-only.
A secret key used for cookie validation. This property must be set if $enableCookieValidation is true.
The cookie collection. This property is read-only.
The configuration for creating the CSRF cookie. This property is used only when both $enableCsrfValidation and $enableCsrfCookie are true.
The name of the token used to prevent CSRF. Defaults to '_csrf'. This property is used only when $enableCsrfValidation is true.
The token used to perform CSRF validation. This property is read-only.
The CSRF token sent via CSRF_HEADER by browser. Null is returned if no such header is sent. This property is read-only.
The entity tags. This property is read-only.
Whether cookies should be validated to ensure they are not tampered. Defaults to true.
Whether to use cookie to persist CSRF token. If false, CSRF token will be stored in session under the name of $csrfParam. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page, which will degrade your site performance.
Whether to enable CSRF (Cross-Site Request Forgery) validation. Defaults to true. When CSRF validation is enabled, forms submitted to an Yii Web application must be originated from the same application. If not, a 400 HTTP exception will be raised.
Note, this feature requires that the user client accepts cookie. Also, to use this feature, forms submitted via POST method must contain a hidden input whose name is specified by $csrfParam. You may use yii\helpers\Html::beginForm() to generate his hidden input.
In JavaScript, you may get the values of $csrfParam and $csrfToken via yii.getCsrfParam()
and
yii.getCsrfToken()
, respectively. The yii\web\YiiAsset asset must be registered.
You also need to include CSRF meta tags in your pages by using yii\helpers\Html::csrfMetaTags().
See also:
The header collection. This property is read-only.
Schema and hostname part (with port number if needed) of the request URL
(e.g. http://www.yiiframework.com
), null if can't be obtained from $_SERVER
and wasn't set. See
getHostInfo() for security related notes on this property.
Hostname part of the request URL (e.g. www.yiiframework.com
). This
property is read-only.
List of headers where proxies store the real client IP.
It's not advisable to put insecure headers here.
To use the Forwarded
header according to RFC 7239, the header must be added to $secureHeaders list.
The match of header names is case-insensitive.
See also:
Whether this is an AJAX (XMLHttpRequest) request. This property is read-only.
Whether this is a DELETE request. This property is read-only.
Whether this is an Adobe Flash or Adobe Flex request. This property is read-only.
Whether this is a GET request. This property is read-only.
Whether this is a HEAD request. This property is read-only.
Whether this is a OPTIONS request. This property is read-only.
Whether this is a PATCH request. This property is read-only.
Whether this is a PJAX request. This property is read-only.
Whether this is a POST request. This property is read-only.
Whether this is a PUT request. This property is read-only.
If the request is sent via secure channel (https). This property is read-only.
Request method, such as GET, POST, HEAD, PUT, PATCH, DELETE. The value returned is turned into upper case. This property is read-only.
The name of the POST parameter that is used to indicate if a request is a PUT, PATCH or DELETE request tunneled through POST. Defaults to '_method'.
See also:
URL origin of a CORS request, null
if not available. This property is
read-only.
The parsers for converting the raw HTTP request body into $bodyParams.
The array keys are the request Content-Types
, and the array values are the
corresponding configurations for creating the parser objects.
A parser must implement the yii\web\RequestParserInterface.
To enable parsing for JSON requests you can use the yii\web\JsonParser class like in the following example:
[
'application/json' => 'yii\web\JsonParser',
]
To register a parser for parsing all request types you can use '*'
as the array key.
This one will be used as a fallback in case no other types match.
See also getBodyParams().
Part of the request URL that is after the entry script and before the question mark. Note, the returned path info is already URL-decoded.
Port number for insecure requests.
The language that the application should use.
The request GET parameter values.
Part of the request URL that is after the question mark. This property is read-only.
The request body.
URL referrer, null if not available. This property is read-only.
Remote host name, null
if not available. This property is
read-only.
Remote IP address, null
if not available. This property is
read-only.
The entry script file path.
The relative URL of the entry script.
Lists of headers that are, by default, subject to the trusted host configuration.
These headers will be filtered unless explicitly allowed in $trustedHosts.
If the list contains the Forwarded
header, processing will be done according to RFC 7239.
The match of header names is case-insensitive.
See also:
Port number for secure requests.
List of headers to check for determining whether the connection is made via HTTPS. The array keys are header names and the array value is a list of header values that indicate a secure connection. The match of header names and values is case-insensitive. It's not advisable to put insecure headers here.
See also:
Server name, null if not available. This property is read-only.
Server port number, null if not available. This property is read-only.
The configuration for trusted security related headers.
An array key is an IPv4 or IPv6 IP address in CIDR notation for matching a client.
An array value is a list of headers to trust. These will be matched against $secureHeaders to determine which headers are allowed to be sent by a specified host. The case of the header names must be the same as specified in $secureHeaders.
For example, to trust all headers listed in $secureHeaders for IP addresses
in range 192.168.0.0-192.168.0.254
write the following:
[
'192.168.0.0/24',
]
To trust just the X-Forwarded-For
header from 10.0.0.1
, use:
[
'10.0.0.1' => ['X-Forwarded-For']
]
Default is to trust all headers except those listed in $secureHeaders from all hosts. Matches are tried in order and searching is stopped when IP matches.
Info: Matching is performed using yii\validators\IpValidator. See IpValidator::::setRanges() and yii\validators\IpValidator::$networks for advanced matching.
See also $secureHeaders.
The currently requested relative URL. Note that the URI returned may be URL-encoded depending on the client.
User agent, null if not available. This property is read-only.
User host name, null if not available. This property is read-only.
User IP address, null if not available. This property is read-only.
Method Details
Creates a cookie with a randomly generated CSRF token.
Initial values specified in $csrfCookie will be applied to the generated cookie.
See also $enableCsrfValidation.
protected yii\web\Cookie createCsrfCookie ( $token ) | ||
$token | string | The CSRF token |
return | yii\web\Cookie | The generated cookie |
---|
Filters headers according to the $trustedHosts.
protected void filterHeaders ( yii\web\HeaderCollection $headerCollection ) | ||
$headerCollection | yii\web\HeaderCollection |
Generates an unmasked random token used to perform CSRF validation.
protected string generateCsrfToken ( ) | ||
return | string | The random token for CSRF validation. |
---|
Returns GET parameter with a given name. If name isn't specified, returns an array of all GET parameters.
public array|mixed get ( $name = null, $defaultValue = null ) | ||
$name | string | The parameter name |
$defaultValue | mixed | The default parameter value if the parameter does not exist. |
Returns the currently requested absolute URL.
This is a shortcut to the concatenation of $hostInfo and $url.
public string getAbsoluteUrl ( ) | ||
return | string | The currently requested absolute URL. |
---|
Returns the content types acceptable by the end user.
This is determined by the Accept
HTTP header. For example,
$_SERVER['HTTP_ACCEPT'] = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;';
$types = $request->getAcceptableContentTypes();
print_r($types);
// displays:
// [
// 'application/json' => ['q' => 1, 'version' => '1.0'],
// 'application/xml' => ['q' => 1, 'version' => '2.0'],
// 'text/plain' => ['q' => 0.5],
// ]
public array getAcceptableContentTypes ( ) | ||
return | array | The content types ordered by the quality score. Types with the highest scores will be returned first. The array keys are the content types, while the array values are the corresponding quality score and other parameters as given in the header. |
---|
Returns the languages acceptable by the end user.
This is determined by the Accept-Language
HTTP header.
public array getAcceptableLanguages ( ) | ||
return | array | The languages ordered by the preference level. The first element represents the most preferred language. |
---|
public array getAuthCredentials ( ) | ||
return | array | That contains exactly two elements:
|
---|
See also getAuthCredentials() to get both username and password in one call.
public string|null getAuthPassword ( ) | ||
return | string|null | The password sent via HTTP authentication, |
---|
See also getAuthCredentials() to get both username and password in one call.
public string|null getAuthUser ( ) | ||
return | string|null | The username sent via HTTP authentication, |
---|
Returns the relative URL for the application.
This is similar to $scriptUrl except that it does not include the script file name, and the ending slashes are removed.
See also setScriptUrl().
public string getBaseUrl ( ) | ||
return | string | The relative URL for the application |
---|
Returns the named request body parameter value.
If the parameter does not exist, the second parameter passed to this method will be returned.
See also:
public mixed getBodyParam ( $name, $defaultValue = null ) | ||
$name | string | The parameter name |
$defaultValue | mixed | The default parameter value if the parameter does not exist. |
return | mixed | The parameter value |
---|
Returns the request parameters given in the request body.
Request parameters are determined using the parsers configured in $parsers property.
If no parsers are configured for the current $contentType it uses the PHP function mb_parse_str()
to parse the request body.
See also:
public array getBodyParams ( ) | ||
return | array | The request parameters given in the request body. |
---|---|---|
throws | yii\base\InvalidConfigException | if a registered parser does not implement the yii\web\RequestParserInterface. |
Returns request content-type The Content-Type header field indicates the MIME type of the data contained in getRawBody() or, in the case of the HEAD method, the media type that would have been sent had the request been a GET.
For the MIME-types the user expects in response, see $acceptableContentTypes.
public string getContentType ( ) | ||
return | string | Request content-type. Null is returned if this information is not available. |
---|
Returns the cookie collection.
Through the returned cookie collection, you may access a cookie using the following syntax:
$cookie = $request->cookies['name']
if ($cookie !== null) {
$value = $cookie->value;
}
// alternatively
$value = $request->cookies->getValue('name');
public yii\web\CookieCollection getCookies ( ) | ||
return | yii\web\CookieCollection | The cookie collection. |
---|
Returns the token used to perform CSRF validation.
This token is generated in a way to prevent BREACH attacks. It may be passed along via a hidden field of an HTML form or an HTTP header value to support CSRF validation.
public string getCsrfToken ( $regenerate = false ) | ||
$regenerate | boolean | Whether to regenerate CSRF token. When this parameter is true, each time this method is called, a new CSRF token will be generated and persisted (in session or cookie). |
return | string | The token used to perform CSRF validation. |
---|
public string getCsrfTokenFromHeader ( ) | ||
return | string | The CSRF token sent via CSRF_HEADER by browser. Null is returned if no such header is sent. |
---|
Gets the Etags.
public array getETags ( ) | ||
return | array | The entity tags |
---|
Returns the header collection.
The header collection contains incoming HTTP headers.
public yii\web\HeaderCollection getHeaders ( ) | ||
return | yii\web\HeaderCollection | The header collection |
---|
Returns the schema and host part of the current request URL.
The returned URL does not have an ending slash.
By default this value is based on the user request information. This method will
return the value of $_SERVER['HTTP_HOST']
if it is available or $_SERVER['SERVER_NAME']
if not.
You may want to check out the PHP documentation
for more information on these variables.
You may explicitly specify it by setting the hostInfo property.
Warning: Dependent on the server configuration this information may not be reliable and may be faked by the user sending the HTTP request. If the webserver is configured to serve the same site independent of the value of the
Host
header, this value is not reliable. In such situations you should either fix your webserver configuration or explicitly set the value by setting the hostInfo property. If you don't have access to the server configuration, you can setup yii\filters\HostControl filter at application level in order to protect against such kind of attack.
See also setHostInfo().
public string|null getHostInfo ( ) | ||
return | string|null | Schema and hostname part (with port number if needed) of the request URL
(e.g. |
---|
Returns the host part of the current request URL.
Value is calculated from current hostInfo property.
Warning: The content of this value may not be reliable, dependent on the server configuration. Please refer to getHostInfo() for more information.
See also getHostInfo().
public string|null getHostName ( ) | ||
return | string|null | Hostname part of the request URL (e.g. |
---|
Creates instance of yii\validators\IpValidator.
You can override this method to adjust validator or implement different matching strategy.
protected yii\validators\IpValidator getIpValidator ( ) |
Returns whether this is an AJAX (XMLHttpRequest) request.
Note that in case of cross domain requests, browser doesn't set the X-Requested-With header by default: https://stackoverflow.com/questions/8163703/cross-domain-ajax-doesnt-send-x-requested-with-header
In case you are using fetch()
, pass header manually:
fetch(url, {
method: 'GET',
headers: {'X-Requested-With': 'XMLHttpRequest'}
})
public boolean getIsAjax ( ) | ||
return | boolean | Whether this is an AJAX (XMLHttpRequest) request. |
---|
Returns whether this is a DELETE request.
public boolean getIsDelete ( ) | ||
return | boolean | Whether this is a DELETE request. |
---|
Returns whether this is an Adobe Flash or Flex request.
public boolean getIsFlash ( ) | ||
return | boolean | Whether this is an Adobe Flash or Adobe Flex request. |
---|
Returns whether this is a GET request.
public boolean getIsGet ( ) | ||
return | boolean | Whether this is a GET request. |
---|
Returns whether this is a HEAD request.
public boolean getIsHead ( ) | ||
return | boolean | Whether this is a HEAD request. |
---|
Returns whether this is an OPTIONS request.
public boolean getIsOptions ( ) | ||
return | boolean | Whether this is a OPTIONS request. |
---|
Returns whether this is a PATCH request.
public boolean getIsPatch ( ) | ||
return | boolean | Whether this is a PATCH request. |
---|
Returns whether this is a PJAX request.
public boolean getIsPjax ( ) | ||
return | boolean | Whether this is a PJAX request |
---|
Returns whether this is a POST request.
public boolean getIsPost ( ) | ||
return | boolean | Whether this is a POST request. |
---|
Returns whether this is a PUT request.
public boolean getIsPut ( ) | ||
return | boolean | Whether this is a PUT request. |
---|
Return if the request is sent via secure channel (https).
public boolean getIsSecureConnection ( ) | ||
return | boolean | If the request is sent via secure channel (https) |
---|
Returns the method of the current request (e.g. GET, POST, HEAD, PUT, PATCH, DELETE).
public string getMethod ( ) | ||
return | string | Request method, such as GET, POST, HEAD, PUT, PATCH, DELETE. The value returned is turned into upper case. |
---|
Returns the URL origin of a CORS request.
The return value is taken from the Origin
header sent by the browser.
Note that the origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with a CORS requests, as well as with POST requests. It is similar to the referer header, but, unlike this header, it doesn't disclose the whole path. Please refer to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin for more information.
See also getHeaders().
public string|null getOrigin ( ) | ||
return | string|null | URL origin of a CORS request, |
---|
Returns the path info of the currently requested URL.
A path info refers to the part that is after the entry script and before the question mark (query string). The starting and ending slashes are both removed.
public string getPathInfo ( ) | ||
return | string | Part of the request URL that is after the entry script and before the question mark. Note, the returned path info is already URL-decoded. |
---|---|---|
throws | yii\base\InvalidConfigException | if the path info cannot be determined due to unexpected server configuration |
Returns the port to use for insecure requests.
Defaults to 80, or the port specified by the server if the current request is insecure.
See also setPort().
public integer getPort ( ) | ||
return | integer | Port number for insecure requests. |
---|
Returns the user-preferred language that should be used by this application.
The language resolution is based on the user preferred languages and the languages supported by the application. The method will try to find the best match.
public string getPreferredLanguage ( array $languages = [] ) | ||
$languages | array | A list of the languages supported by the application. If this is empty, the current application language will be returned without further processing. |
return | string | The language that the application should use. |
---|
Returns the named GET parameter value.
If the GET parameter does not exist, the second parameter passed to this method will be returned.
See also getBodyParam().
public mixed getQueryParam ( $name, $defaultValue = null ) | ||
$name | string | The GET parameter name. |
$defaultValue | mixed | The default parameter value if the GET parameter does not exist. |
return | mixed | The GET parameter value |
---|
Returns the request parameters given in the $queryString.
This method will return the contents of $_GET
if params where not explicitly set.
See also setQueryParams().
public array getQueryParams ( ) | ||
return | array | The request GET parameter values. |
---|
Returns part of the request URL that is after the question mark.
public string getQueryString ( ) | ||
return | string | Part of the request URL that is after the question mark |
---|
Returns the raw HTTP request body.
public string getRawBody ( ) | ||
return | string | The request body |
---|
Returns the URL referrer.
public string|null getReferrer ( ) | ||
return | string|null | URL referrer, null if not available |
---|
Returns the host name of the other end of this connection.
This is always the next hop, any headers are ignored.
See also:
public string|null getRemoteHost ( ) | ||
return | string|null | Remote host name, |
---|
Returns the IP on the other end of this connection.
This is always the next hop, any headers are ignored.
public string|null getRemoteIP ( ) | ||
return | string|null | Remote IP address, |
---|
Returns the entry script file path.
The default implementation will simply return $_SERVER['SCRIPT_FILENAME']
.
public string getScriptFile ( ) | ||
return | string | The entry script file path |
---|---|---|
throws | yii\base\InvalidConfigException |
Returns the relative URL of the entry script.
The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.
public string getScriptUrl ( ) | ||
return | string | The relative URL of the entry script. |
---|---|---|
throws | yii\base\InvalidConfigException | if unable to determine the entry script URL |
Returns decoded forwarded header
protected array getSecureForwardedHeaderParts ( ) |
Gets first Forwarded
header value for token
protected string|null getSecureForwardedHeaderTrustedPart ( $token ) | ||
$token | string | Header token |
Gets only trusted Forwarded
header parts
protected array getSecureForwardedHeaderTrustedParts ( ) |
Returns the port to use for secure requests.
Defaults to 443, or the port specified by the server if the current request is secure.
See also setSecurePort().
public integer getSecurePort ( ) | ||
return | integer | Port number for secure requests. |
---|
Returns the server name.
public string getServerName ( ) | ||
return | string | Server name, null if not available |
---|
Returns the server port number.
public integer|null getServerPort ( ) | ||
return | integer|null | Server port number, null if not available |
---|
Trusted headers according to the $trustedHosts.
protected array getTrustedHeaders ( ) |
Returns the currently requested relative URL.
This refers to the portion of the URL that is after the $hostInfo part. It includes the $queryString part if any.
public string getUrl ( ) | ||
return | string | The currently requested relative URL. Note that the URI returned may be URL-encoded depending on the client. |
---|---|---|
throws | yii\base\InvalidConfigException | if the URL cannot be determined due to unusual server configuration |
Returns the user agent.
public string|null getUserAgent ( ) | ||
return | string|null | User agent, null if not available |
---|
Returns the user host name.
The HOST is determined using headers and / or $_SERVER
variables.
public string|null getUserHost ( ) | ||
return | string|null | User host name, null if not available |
---|
Returns the user IP address.
The IP is determined using headers and / or $_SERVER
variables.
public string|null getUserIP ( ) | ||
return | string|null | User IP address, null if not available |
---|
Return user IP's from IP header.
See also:
- $getUserHost
- $ipHeader
- $trustedHeaders
protected string|null getUserIpFromIpHeader ( $ips ) | ||
$ips | string | Comma separated IP list |
return | string|null | IP as string. Null is returned if IP can not be determined from header. |
---|
Returns the user IP address from $ipHeaders.
See also $ipHeaders.
protected string|null getUserIpFromIpHeaders ( ) | ||
return | string|null | User IP address, null if not available |
---|
Converts $_COOKIE
into an array of yii\web\Cookie.
protected array loadCookies ( ) | ||
return | array | The cookies obtained from request |
---|---|---|
throws | yii\base\InvalidConfigException | if $cookieValidationKey is not set when $enableCookieValidation is true |
Loads the CSRF token from cookie or session.
protected string loadCsrfToken ( ) | ||
return | string | The CSRF token loaded from cookie or session. Null is returned if the cookie or session does not have CSRF token. |
---|
Parses the given Accept
(or Accept-Language
) header.
This method will return the acceptable values with their quality scores and the corresponding parameters
as specified in the given Accept
header. The array keys of the return value are the acceptable values,
while the array values consisting of the corresponding quality scores and parameters. The acceptable
values with the highest quality scores will be returned first. For example,
$header = 'text/plain; q=0.5, application/json; version=1.0, application/xml; version=2.0;';
$accepts = $request->parseAcceptHeader($header);
print_r($accepts);
// displays:
// [
// 'application/json' => ['q' => 1, 'version' => '1.0'],
// 'application/xml' => ['q' => 1, 'version' => '2.0'],
// 'text/plain' => ['q' => 0.5],
// ]
public array parseAcceptHeader ( $header ) | ||
$header | string | The header to be parsed |
return | array | The acceptable values ordered by their quality score. The values with the highest scores will be returned first. |
---|
Returns POST parameter with a given name. If name isn't specified, returns an array of all POST parameters.
public array|mixed post ( $name = null, $defaultValue = null ) | ||
$name | string | The parameter name |
$defaultValue | mixed | The default parameter value if the parameter does not exist. |
Resolves the current request into a route and the associated parameters.
public array resolve ( ) | ||
return | array | The first element is the route, and the second is the associated parameters. |
---|---|---|
throws | yii\web\NotFoundHttpException | if the request cannot be resolved. |
Resolves the path info part of the currently requested URL.
A path info refers to the part that is after the entry script and before the question mark (query string). The starting slashes are both removed (ending slashes will be kept).
protected string resolvePathInfo ( ) | ||
return | string | Part of the request URL that is after the entry script and before the question mark. Note, the returned path info is decoded. |
---|---|---|
throws | yii\base\InvalidConfigException | if the path info cannot be determined due to unexpected server configuration |
Resolves the request URI portion for the currently requested URL.
This refers to the portion that is after the $hostInfo part. It includes the $queryString part if any. The implementation of this method referenced Zend_Controller_Request_Http in Zend Framework.
protected string|boolean resolveRequestUri ( ) | ||
return | string|boolean | The request URI portion for the currently requested URL. Note that the URI returned may be URL-encoded depending on the client. |
---|---|---|
throws | yii\base\InvalidConfigException | if the request URI cannot be determined due to unusual server configuration |
Sets the acceptable content types.
Please refer to getAcceptableContentTypes() on the format of the parameter.
See also:
public void setAcceptableContentTypes ( $value ) | ||
$value | array | The content types that are acceptable by the end user. They should be ordered by the preference level. |
public void setAcceptableLanguages ( $value ) | ||
$value | array | The languages that are acceptable by the end user. They should be ordered by the preference level. |
Sets the relative URL for the application.
By default the URL is determined based on the entry script URL. This setter is provided in case you want to change this behavior.
public void setBaseUrl ( $value ) | ||
$value | string | The relative URL for the application |
public void setBodyParams ( $values ) | ||
$values | array | The request body parameters (name-value pairs) |
Sets the schema and host part of the application URL.
This setter is provided in case the schema and hostname cannot be determined on certain Web servers.
See also getHostInfo() for security related notes on this property.
public void setHostInfo ( $value ) | ||
$value | string|null | The schema and host part of the application URL. The trailing slashes will be removed. |
Sets the path info of the current request.
This method is mainly provided for testing purpose.
public void setPathInfo ( $value ) | ||
$value | string | The path info of the current request |
Sets the port to use for insecure requests.
This setter is provided in case a custom port is necessary for certain server configurations.
public void setPort ( $value ) | ||
$value | integer | Port number. |
public void setQueryParams ( $values ) | ||
$values | array | The request query parameters (name-value pairs) |
Sets the raw HTTP request body, this method is mainly used by test scripts to simulate raw HTTP requests.
public void setRawBody ( $rawBody ) | ||
$rawBody | string | The request body |
Sets the entry script file path.
The entry script file path normally can be obtained from $_SERVER['SCRIPT_FILENAME']
.
If your server configuration does not return the correct value, you may configure
this property to make it right.
public void setScriptFile ( $value ) | ||
$value | string | The entry script file path. |
Sets the relative URL for the application entry script.
This setter is provided in case the entry script URL cannot be determined on certain Web servers.
public void setScriptUrl ( $value ) | ||
$value | string | The relative URL for the application entry script. |
Sets the port to use for secure requests.
This setter is provided in case a custom port is necessary for certain server configurations.
public void setSecurePort ( $value ) | ||
$value | integer | Port number. |
Sets the currently requested relative URL.
The URI must refer to the portion that is after $hostInfo. Note that the URI should be URL-encoded.
public void setUrl ( $value ) | ||
$value | string | The request URI to be set |
Performs the CSRF validation.
This method will validate the user-provided CSRF token by comparing it with the one stored in cookie or session. This method is mainly called in yii\web\Controller::beforeAction().
Note that the method will NOT perform CSRF validation if $enableCsrfValidation is false or the HTTP method is among GET, HEAD or OPTIONS.
public boolean validateCsrfToken ( $clientSuppliedToken = null ) | ||
$clientSuppliedToken | string | The user-provided CSRF token to be validated. If null, the token will be retrieved from the $csrfParam POST field or HTTP header. This parameter is available since version 2.0.4. |
return | boolean | Whether CSRF token is valid. If $enableCsrfValidation is false, this method will return true. |
---|