Code Coverage for /Users/ericduran/Sites/drupal/drupal/core/lib/Drupal/Core/EventSubscriber/FinishResponseSubscriber.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 8	CRAP	0.00% covered (danger)	0.00%	0 / 73
FinishResponseSubscriber	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 8	506	0.00% covered (danger)	0.00%	0 / 73
__construct				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 7
onRespond				0.00% covered (danger)	0.00%	0 / 1	110	0.00% covered (danger)	0.00%	0 / 33
isCacheControlCustomized				0.00% covered (danger)	0.00%	0 / 1	6	0.00% covered (danger)	0.00%	0 / 3
setResponseNotCacheable				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 6
setResponseCacheable				0.00% covered (danger)	0.00%	0 / 1	30	0.00% covered (danger)	0.00%	0 / 17
setCacheControlNoCache				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 2
setExpiresNoCache				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 2
getSubscribedEvents				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 3

1	<?php
2
3	/**
4	* @file
5	* Contains \Drupal\Core\EventSubscriber\FinishResponseSubscriber.
6	*/
7
8	namespace Drupal\Core\EventSubscriber;
9
10	use Drupal\Component\Datetime\DateTimePlus;
11	use Drupal\Core\Cache\CacheableResponseInterface;
12	use Drupal\Core\Cache\Context\CacheContextsManager;
13	use Drupal\Core\Config\ConfigFactoryInterface;
14	use Drupal\Core\Language\LanguageManagerInterface;
15	use Drupal\Core\PageCache\RequestPolicyInterface;
16	use Drupal\Core\PageCache\ResponsePolicyInterface;
17	use Drupal\Core\Site\Settings;
18	use Symfony\Component\HttpFoundation\Request;
19	use Symfony\Component\HttpFoundation\Response;
20	use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
21	use Symfony\Component\HttpKernel\KernelEvents;
22	use Symfony\Component\EventDispatcher\EventSubscriberInterface;
23
24	/**
25	* Response subscriber to handle finished responses.
26	*/
27	class FinishResponseSubscriber implements EventSubscriberInterface {
28
29	/**
30	* The language manager object for retrieving the correct language code.
31	*
32	* @var \Drupal\Core\Language\LanguageManagerInterface
33	*/
34	protected $languageManager;
35
36	/**
37	* A config object for the system performance configuration.
38	*
39	* @var \Drupal\Core\Config\Config
40	*/
41	protected $config;
42
43	/**
44	* A policy rule determining the cacheability of a request.
45	*
46	* @var \Drupal\Core\PageCache\RequestPolicyInterface
47	*/
48	protected $requestPolicy;
49
50	/**
51	* A policy rule determining the cacheability of the response.
52	*
53	* @var \Drupal\Core\PageCache\ResponsePolicyInterface
54	*/
55	protected $responsePolicy;
56
57	/**
58	* The cache contexts manager service.
59	*
60	* @var \Drupal\Core\Cache\Context\CacheContextsManager
61	*/
62	protected $cacheContexts;
63
64	/**
65	* Whether to send cacheability headers for debugging purposes.
66	*
67	* @var bool
68	*/
69	protected $debugCacheabilityHeaders = FALSE;
70
71	/**
72	* Constructs a FinishResponseSubscriber object.
73	*
74	* @param \Drupal\Core\Language\LanguageManagerInterface $language_manager
75	* The language manager object for retrieving the correct language code.
76	* @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
77	* A config factory for retrieving required config objects.
78	* @param \Drupal\Core\PageCache\RequestPolicyInterface $request_policy
79	* A policy rule determining the cacheability of a request.
80	* @param \Drupal\Core\PageCache\ResponsePolicyInterface $response_policy
81	* A policy rule determining the cacheability of a response.
82	* @param \Drupal\Core\Cache\Context\CacheContextsManager $cache_contexts_manager
83	* The cache contexts manager service.
84	* @param bool $http_response_debug_cacheability_headers
85	* (optional) Whether to send cacheability headers for debugging purposes.
86	*/
87	public function __construct(LanguageManagerInterface $language_manager, ConfigFactoryInterface $config_factory, RequestPolicyInterface $request_policy, ResponsePolicyInterface $response_policy, CacheContextsManager $cache_contexts_manager, $http_response_debug_cacheability_headers = FALSE) {
88	$this->languageManager = $language_manager;
89	$this->config = $config_factory->get('system.performance');
90	$this->requestPolicy = $request_policy;
91	$this->responsePolicy = $response_policy;
92	$this->cacheContextsManager = $cache_contexts_manager;
93	$this->debugCacheabilityHeaders = $http_response_debug_cacheability_headers;
94	}
95
96	/**
97	* Sets extra headers on successful responses.
98	*
99	* @param \Symfony\Component\HttpKernel\Event\FilterResponseEvent $event
100	* The event to process.
101	*/
102	public function onRespond(FilterResponseEvent $event) {
103	if (!$event->isMasterRequest()) {
104	return;
105	}
106
107	$request = $event->getRequest();
108	$response = $event->getResponse();
109
110	// Set the X-UA-Compatible HTTP header to force IE to use the most recent
111	// rendering engine.
112	$response->headers->set('X-UA-Compatible', 'IE=edge', FALSE);
113
114	// Set the Content-language header.
115	$response->headers->set('Content-language', $this->languageManager->getCurrentLanguage()->getId());
116
117	// Prevent browsers from sniffing a response and picking a MIME type
118	// different from the declared content-type, since that can lead to
119	// XSS and other vulnerabilities.
120	// https://www.owasp.org/index.php/List_of_useful_HTTP_headers
121	$response->headers->set('X-Content-Type-Options', 'nosniff', FALSE);
122	$response->headers->set('X-Frame-Options', 'SAMEORIGIN', FALSE);
123
124	// If the current response isn't an implementation of the
125	// CacheableResponseInterface, we assume that a Response is either
126	// explicitly not cacheable or that caching headers are already set in
127	// another place.
128	if (!$response instanceof CacheableResponseInterface) {
129	if (!$this->isCacheControlCustomized($response)) {
130	$this->setResponseNotCacheable($response, $request);
131	}
132
133	// HTTP/1.0 proxies do not support the Vary header, so prevent any caching
134	// by sending an Expires date in the past. HTTP/1.1 clients ignore the
135	// Expires header if a Cache-Control: max-age directive is specified (see
136	// RFC 2616, section 14.9.3).
137	if (!$response->headers->has('Expires')) {
138	$this->setExpiresNoCache($response);
139	}
140	return;
141	}
142
143	if ($this->debugCacheabilityHeaders) {
144	// Expose the cache contexts and cache tags associated with this page in a
145	// X-Drupal-Cache-Contexts and X-Drupal-Cache-Tags header respectively.
146	$response_cacheability = $response->getCacheableMetadata();
147	$response->headers->set('X-Drupal-Cache-Tags', implode(' ', $response_cacheability->getCacheTags()));
148	$response->headers->set('X-Drupal-Cache-Contexts', implode(' ', $this->cacheContextsManager->optimizeTokens($response_cacheability->getCacheContexts())));
149	}
150
151	$is_cacheable = ($this->requestPolicy->check($request) === RequestPolicyInterface::ALLOW) && ($this->responsePolicy->check($response, $request) !== ResponsePolicyInterface::DENY);
152
153	// Add headers necessary to specify whether the response should be cached by
154	// proxies and/or the browser.
155	if ($is_cacheable && $this->config->get('cache.page.max_age') > 0) {
156	if (!$this->isCacheControlCustomized($response)) {
157	// Only add the default Cache-Control header if the controller did not
158	// specify one on the response.
159	$this->setResponseCacheable($response, $request);
160	}
161	}
162	else {
163	// If either the policy forbids caching or the sites configuration does
164	// not allow to add a max-age directive, then enforce a Cache-Control
165	// header declaring the response as not cacheable.
166	$this->setResponseNotCacheable($response, $request);
167	}
168	}
169
170	/**
171	* Determine whether the given response has a custom Cache-Control header.
172	*
173	* Upon construction, the ResponseHeaderBag is initialized with an empty
174	* Cache-Control header. Consequently it is not possible to check whether the
175	* header was set explicitly by simply checking its presence. Instead, it is
176	* necessary to examine the computed Cache-Control header and compare with
177	* values known to be present only when Cache-Control was never set
178	* explicitly.
179	*
180	* When neither Cache-Control nor any of the ETag, Last-Modified, Expires
181	* headers are set on the response, ::get('Cache-Control') returns the value
182	* 'no-cache'. If any of ETag, Last-Modified or Expires are set but not
183	* Cache-Control, then 'private, must-revalidate' (in exactly this order) is
184	* returned.
185	*
186	* @see \Symfony\Component\HttpFoundation\ResponseHeaderBag::computeCacheControlValue()
187	*
188	* @param \Symfony\Component\HttpFoundation\Response $response
189	*
190	* @return bool
191	* TRUE when Cache-Control header was set explicitly on the given response.
192	*/
193	protected function isCacheControlCustomized(Response $response) {
194	$cache_control = $response->headers->get('Cache-Control');
195	return $cache_control != 'no-cache' && $cache_control != 'private, must-revalidate';
196	}
197
198	/**
199	* Add Cache-Control and Expires headers to a response which is not cacheable.
200	*
201	* @param \Symfony\Component\HttpFoundation\Response $response
202	* A response object.
203	* @param \Symfony\Component\HttpFoundation\Request $request
204	* A request object.
205	*/
206	protected function setResponseNotCacheable(Response $response, Request $request) {
207	$this->setCacheControlNoCache($response);
208	$this->setExpiresNoCache($response);
209
210	// There is no point in sending along headers necessary for cache
211	// revalidation, if caching by proxies and browsers is denied in the first
212	// place. Therefore remove ETag, Last-Modified and Vary in that case.
213	$response->setEtag(NULL);
214	$response->setLastModified(NULL);
215	$response->setVary(NULL);
216	}
217
218	/**
219	* Add Cache-Control and Expires headers to a cacheable response.
220	*
221	* @param \Symfony\Component\HttpFoundation\Response $response
222	* A response object.
223	* @param \Symfony\Component\HttpFoundation\Request $request
224	* A request object.
225	*/
226	protected function setResponseCacheable(Response $response, Request $request) {
227	// HTTP/1.0 proxies do not support the Vary header, so prevent any caching
228	// by sending an Expires date in the past. HTTP/1.1 clients ignore the
229	// Expires header if a Cache-Control: max-age directive is specified (see
230	// RFC 2616, section 14.9.3).
231	if (!$response->headers->has('Expires')) {
232	$this->setExpiresNoCache($response);
233	}
234
235	$max_age = $this->config->get('cache.page.max_age');
236	$response->headers->set('Cache-Control', 'public, max-age=' . $max_age);
237
238	// In order to support HTTP cache-revalidation, ensure that there is a
239	// Last-Modified and an ETag header on the response.
240	if (!$response->headers->has('Last-Modified')) {
241	$timestamp = REQUEST_TIME;
242	$response->setLastModified(new \DateTime(gmdate(DateTimePlus::RFC7231, REQUEST_TIME)));
243	}
244	else {
245	$timestamp = $response->getLastModified()->getTimestamp();
246	}
247	$response->setEtag($timestamp);
248
249	// Allow HTTP proxies to cache pages for anonymous users without a session
250	// cookie. The Vary header is used to indicates the set of request-header
251	// fields that fully determines whether a cache is permitted to use the
252	// response to reply to a subsequent request for a given URL without
253	// revalidation.
254	if (!$response->hasVary() && !Settings::get('omit_vary_cookie')) {
255	$response->setVary('Cookie', FALSE);
256	}
257	}
258
259	/**
260	* Disable caching in the browser and for HTTP/1.1 proxies and clients.
261	*
262	* @param \Symfony\Component\HttpFoundation\Response $response
263	* A response object.
264	*/
265	protected function setCacheControlNoCache(Response $response) {
266	$response->headers->set('Cache-Control', 'no-cache, must-revalidate, post-check=0, pre-check=0');
267	}
268
269	/**
270	* Disable caching in ancient browsers and for HTTP/1.0 proxies and clients.
271	*
272	* HTTP/1.0 proxies do not support the Vary header, so prevent any caching by
273	* sending an Expires date in the past. HTTP/1.1 clients ignore the Expires
274	* header if a Cache-Control: max-age= directive is specified (see RFC 2616,
275	* section 14.9.3).
276	*
277	* @param \Symfony\Component\HttpFoundation\Response $response
278	* A response object.
279	*/
280	protected function setExpiresNoCache(Response $response) {
281	$response->setExpires(\DateTime::createFromFormat('j-M-Y H:i:s T', '19-Nov-1978 05:00:00 UTC'));
282	}
283
284	/**
285	* Registers the methods in this class that should be listeners.
286	*
287	* @return array
288	* An array of event listener definitions.
289	*/
290	public static function getSubscribedEvents() {
291	$events[KernelEvents::RESPONSE][] = array('onRespond');
292	return $events;
293	}
294	}