Request
class Request implements IRequest
Immutable representation of an HTTP request with access to URL, headers, cookies, uploaded files, and body.
Properties
| UrlScript read-only | $url | ||
| array<string,mixed> read-only | $query | ||
| array<string,mixed> read-only | $post | ||
| array<string,mixed> read-only | $files | ||
| array<string,string> read-only | $cookies | ||
| string read-only | $method | ||
| array<string,string> read-only | $headers | ||
| UrlImmutable read-only | $referer | ||
| bool read-only | $secured | ||
| bool read-only | $ajax | ||
| ?string read-only | $remoteAddress | ||
| ?string read-only | $rawBody |
Methods
No description
Returns a URL query parameter, or all parameters as an array if no key is given.
Returns a POST parameter, or all POST parameters as an array if no key is given.
Returns the uploaded file for the given key, or null if not present.
Returns the tree of uploaded files, with each leaf being a FileUpload instance.
Returns a cookie or null if it does not exist.
Returns all cookies.
Returns the HTTP method with which the request was made (GET, POST, HEAD, PUT, ...).
Checks the HTTP method with which the request was made. The parameter is case-insensitive.
Returns an HTTP header or null if it does not exist. The parameter is case-insensitive.
Returns all HTTP headers as associative array.
No description
Returns the request origin (scheme + host + port) from the Origin header, or null if absent or invalid.
Checks whether the request was sent via a secure channel (HTTPS).
Checks whether the request originated from your own site (same-site), i.e. it was not triggered from a foreign website. Serves as a CSRF-like protection for forms and signals.
Checks whether the request matches the given Sec-Fetch-Site, Sec-Fetch-Dest and Sec-Fetch-User values.
Checks whether the request was made via AJAX (X-Requested-With: XMLHttpRequest).
Returns the IP address of the remote client.
Returns raw content of HTTP request body.
Returns basic HTTP authentication credentials.
Returns the most preferred language from the Accept-Language header that matches one of the supported languages, or null if no match is found.
Details
at line 45
__construct(UrlScript $url, array $post = [], array $files = [], array $cookies = [], array $headers = [], string $method = 'GET', string|null $remoteAddress = null, callable|null $rawBodyCallback = null)
No description
at line 77
UrlScript
getUrl()
Returns the URL of the request.
at line 89
mixed
getQuery(string|null $key = null)
Returns a URL query parameter, or all parameters as an array if no key is given.
at line 103
mixed
getPost(string|null $key = null)
Returns a POST parameter, or all POST parameters as an array if no key is given.
at line 119
FileUpload|null
getFile(string $key)
Returns the uploaded file for the given key, or null if not present.
Accepts a string key or an array of keys for nested file structures (e.g. ['form', 'avatar']).
at line 130
array
getFiles()
Returns the tree of uploaded files, with each leaf being a FileUpload instance.
at line 139
mixed
getCookie(string $key)
Returns a cookie or null if it does not exist.
at line 149
array
getCookies()
Returns all cookies.
at line 161
string
getMethod()
Returns the HTTP method with which the request was made (GET, POST, HEAD, PUT, ...).
at line 170
bool
isMethod(string $method)
Checks the HTTP method with which the request was made. The parameter is case-insensitive.
at line 179
string|null
getHeader(string $header)
Returns an HTTP header or null if it does not exist. The parameter is case-insensitive.
at line 190
array
getHeaders()
Returns all HTTP headers as associative array.
at line 196
UrlImmutable|null
getReferer()
No description
at line 209
UrlImmutable|null
getOrigin()
Returns the request origin (scheme + host + port) from the Origin header, or null if absent or invalid.
at line 222
bool
isSecured()
Checks whether the request was sent via a secure channel (HTTPS).
at line 233
bool
isSameSite()
deprecated
deprecated
Checks whether the request originated from your own site (same-site), i.e. it was not triggered from a foreign website. Serves as a CSRF-like protection for forms and signals.
at line 245
bool
isFrom(FetchSite> $site, FetchDest>|null $dest = null, ?bool $user = null)
Checks whether the request matches the given Sec-Fetch-Site, Sec-Fetch-Dest and Sec-Fetch-User values.
at line 267
bool
isAjax()
Checks whether the request was made via AJAX (X-Requested-With: XMLHttpRequest).
at line 276
string|null
getRemoteAddress()
Returns the IP address of the remote client.
at line 285
string|null
getRawBody()
Returns raw content of HTTP request body.
at line 295
array|null
getBasicCredentials()
Returns basic HTTP authentication credentials.
at line 315
string|null
detectLanguage(array $langs)
Returns the most preferred language from the Accept-Language header that matches one of the supported languages, or null if no match is found.