File tree 1 file changed +26
-0
lines changed
1 file changed +26
-0
lines changed Original file line number Diff line number Diff line change @@ -706,6 +706,31 @@ Session
706706
707707The session information is in its own document: :doc: `/components/http_foundation/sessions `.
708708
709+ Safe content preference - RFC 8674
710+ ----------------------------------
711+
712+ `RFC 8674 `_ (not yet an IETF standard) defines a way for user agents to ask for "safe"
713+ content to a server. Symfony offers 2 methods to interact with this preference:
714+
715+ * :method: `Symfony\\ Component\\ HttpFoundation\\ Request::preferSafeContent `;
716+ * :method: `Symfony\\ Component\\ HttpFoundation\\ Response::setContentSafe `;
717+
718+ When the user agent prefers "safe" content, you can detect it and send it a more appropriate
719+ reponse::
720+
721+ if ($request->preferSafeContent()) {
722+ $response = new Response($alternativeContent);
723+ $response->setContentSafe(); // Inform the user we respected their preferences
724+
725+ return $response;
726+ }
727+
728+ .. note ::
729+
730+ The RFC 8674 does not define a precise semantic for "safe". Rather, the term is interpreted
731+ by the server and within the scope of each web site that chooses to act upon this information.
732+
733+
709734Learn More
710735----------
711736
@@ -723,3 +748,4 @@ Learn More
723748.. _Apache : https://tn123.org/mod_xsendfile/
724749.. _`JSON Hijacking` : http://haacked.com/archive/2009/06/25/json-hijacking.aspx
725750.. _OWASP guidelines : https://cheatsheetseries.owasp.org/cheatsheets/AJAX_Security_Cheat_Sheet.html#always-return-json-with-an-object-on-the-outside
751+ .. _RFC 8674 : https://tools.ietf.org/html/rfc8674
You can’t perform that action at this time.
0 commit comments