Request
class Request implements IRequest
Immutable representation of an HTTP request with access to URL, headers, cookies, uploaded files, and body.
Properties
| UrlScript read-only | $url | ||
| array<string,mixed> read-only | $query | ||
| array<string,mixed> read-only | $post | ||
| array<string,mixed> read-only | $files | ||
| array<string,string> read-only | $cookies | ||
| string read-only | $method | ||
| array<string,string> read-only | $headers | ||
| UrlImmutable read-only | $referer | ||
| bool read-only | $secured | ||
| bool read-only | $ajax | ||
| ?string read-only | $remoteAddress | ||
| ?string read-only | $rawBody |
Methods
No description
Returns a URL query parameter, or all parameters as an array if no key is given.
Returns a POST parameter, or all POST parameters as an array if no key is given.
Returns the uploaded file for the given key, or null if not present.
Returns the tree of uploaded files, with each leaf being a FileUpload instance.
Returns a cookie or null if it does not exist.
Returns all cookies.
Returns the HTTP method with which the request was made (GET, POST, HEAD, PUT, ...).
Checks the HTTP method with which the request was made. The parameter is case-insensitive.
Returns an HTTP header or null if it does not exist. The parameter is case-insensitive.
Returns all HTTP headers as associative array.
Returns the referrer URL from the Referer header. Unreliable - clients may omit or spoof it.
Returns the request origin (scheme + host + port) from the Origin header, or null if absent or invalid.
Checks whether the request was sent via a secure channel (HTTPS).
Checks whether the request originated from your own site (same-site), i.e. it was not triggered from a foreign website. Serves as a CSRF-like protection for forms and signals.
Checks whether the request matches the given Sec-Fetch-Site, Sec-Fetch-Dest and Sec-Fetch-User values.
Checks whether the request was made via AJAX (X-Requested-With: XMLHttpRequest).
Returns the IP address of the remote client.
No description
Returns raw content of HTTP request body.
Returns basic HTTP authentication credentials.
Returns the most preferred language from the Accept-Language header that matches one of the supported languages, or null if no match is found.
Details
at line 46
__construct(UrlScript $url, array $post = [], array $files = [], array $cookies = [], array $headers = [], string $method = 'GET', string|null $remoteAddress = null, string|null $remoteHost = null, callable|null $rawBodyCallback = null)
No description
at line 79
UrlScript
getUrl()
Returns the URL of the request.
at line 91
mixed
getQuery(string|null $key = null)
Returns a URL query parameter, or all parameters as an array if no key is given.
at line 105
mixed
getPost(string|null $key = null)
Returns a POST parameter, or all POST parameters as an array if no key is given.
at line 121
FileUpload
getFile(string $key)
Returns the uploaded file for the given key, or null if not present.
Accepts a string key or an array of keys for nested file structures (e.g. ['form', 'avatar']).
at line 132
array
getFiles()
Returns the tree of uploaded files, with each leaf being a FileUpload instance.
at line 141
mixed
getCookie(string $key)
Returns a cookie or null if it does not exist.
at line 151
array
getCookies()
Returns all cookies.
at line 163
string
getMethod()
Returns the HTTP method with which the request was made (GET, POST, HEAD, PUT, ...).
at line 172
bool
isMethod(string $method)
Checks the HTTP method with which the request was made. The parameter is case-insensitive.
at line 181
string|null
getHeader(string $header)
Returns an HTTP header or null if it does not exist. The parameter is case-insensitive.
at line 192
array
getHeaders()
Returns all HTTP headers as associative array.
at line 202
UrlImmutable|null
getReferer()
deprecated
deprecated
Returns the referrer URL from the Referer header. Unreliable - clients may omit or spoof it.
at line 213
UrlImmutable|null
getOrigin()
Returns the request origin (scheme + host + port) from the Origin header, or null if absent or invalid.
at line 226
bool
isSecured()
Checks whether the request was sent via a secure channel (HTTPS).
at line 237
bool
isSameSite()
deprecated
deprecated
Checks whether the request originated from your own site (same-site), i.e. it was not triggered from a foreign website. Serves as a CSRF-like protection for forms and signals.
at line 249
bool
isFrom(FetchSite> $site, FetchDest>|null $dest = null, ?bool $user = null)
Checks whether the request matches the given Sec-Fetch-Site, Sec-Fetch-Dest and Sec-Fetch-User values.
Falls back to the SameSite=Strict cookie in browsers without Sec-Fetch (Safari < 16.4)
at line 279
bool
isAjax()
Checks whether the request was made via AJAX (X-Requested-With: XMLHttpRequest).
at line 288
string|null
getRemoteAddress()
Returns the IP address of the remote client.
at line 294
string|null
getRemoteHost()
No description
at line 305
string|null
getRawBody()
Returns raw content of HTTP request body.
at line 315
array|null
getBasicCredentials()
Returns basic HTTP authentication credentials.
at line 335
string|null
detectLanguage(array $langs)
Returns the most preferred language from the Accept-Language header that matches one of the supported languages, or null if no match is found.