ActionFilter
Filters are handlers executed before or after an action. Filters can be used to deny an action or to affect the action's result.
There are two types of filters:
- prefilter - executed before an action is initiated. Can deny the action.
- postfilter - executed after an action is initiated. Can modify the result of the completed action.
\Bitrix\Main\Engine\ActionFilter\HttpMethod
Checks which HTTP method launches the action and blocks the action if that method was not enumerated.
Method | Parameter and description | Available from version |
---|---|---|
__construct( array $allowedMethods = [self::METHOD_GET] ) | $allowedMethods {array}. List of permitted HTTP methods. GET by default. |
\Bitrix\Main\Engine\ActionFilter\Authentication
Checks whether the user is authenticated and, if the check fails, blocks execution of the action by setting HTTP status 401. Can redirect to the authorization page when required.
Method | Parameter and description | Available from version |
---|---|---|
__construct( $enableRedirect = false ) | $enableRedirect {bool}. Enables or disables automatic redirect to the authorization page when the check is unsuccessful. False by default. |
\Bitrix\Main\Engine\ActionFilter\Csrf
Checks that the CSRF token is present and valid, and blocks the action when the check is unsuccessful.
Method | Parameter and description | Available from version |
---|---|---|
__construct( $enabled = true, $tokenName = 'sessid', $returnNew = true ) | |
\Bitrix\Main\Engine\ActionFilter\CloseSession
Executes session_write_close() before completing an action. Attention! Extra caution is required when using this filter! After the session is closed, changes made to it will not be saved. For more details about how sessions work, see the documentation at php.net.
Method | Parameter and description | Available from version |
---|---|---|
__construct( $enabled = true ) | $enabled {bool}. Enables or disables the filter. True by default. |
\Bitrix\Main\Engine\ActionFilter\Scope
Allows blocking specific actions for the indicated scope.
use \Bitrix\Main\Engine\ActionFilter\Scope;
new Scope(Scope::NOT_REST); //allow everywhere, except REST
new Scope(Scope::AJAX); //allow only in AJAX
Method | Parameter and description | Available from version |
---|---|---|
__construct( $scopes ) | $scopes {int}. Enumeration of available scopes. Bit masks are used for validation. Available variants can be found in the constants of the class \Bitrix\Main\Engine\ActionFilter\Scope. |
\Bitrix\Main\Engine\ActionFilter\Cors
Sets response headers for managing CORS.
Method | Parameter and description | Available from version |
---|---|---|
__construct( string $origin = null, bool $credentials = false ) | |
\Bitrix\Main\Engine\ActionFilter\ContentType
The filter allows executing the action only when an allowed content-type is included in response. When handling application/json, it automatically registers the object \Bitrix\Main\Engine\JsonPayload, which can be embedded via the parameters of an AJAX action.
Method | Parameter and description | Available from version |
---|---|---|
__construct( array $allowedTypes ) | $allowedTypes {array}. Enumeration of allowed content-types. For example, ['application/json']. |
\Bitrix\Main\Engine\ActionFilter\PostDecode
The filter re-encodes data from the POST query when the project's internal encoding differs from UTF-8.
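The following is an added example, not code from the original page or from the Bitrix project, showing how the filters described above can be combined as prefilters on a controller's actions. The namespace, the Note controller and its save and list actions are hypothetical; configureActions(), addError() and JsonPayload::getData() are Bitrix framework methods that this page does not document.

```php
<?php
namespace Vendor\Example\Controller; // hypothetical module namespace

use Bitrix\Main\Engine\ActionFilter;
use Bitrix\Main\Engine\Controller;
use Bitrix\Main\Engine\JsonPayload;
use Bitrix\Main\Error;

class Note extends Controller // hypothetical controller
{
    public function configureActions()
    {
        return [
            // State-changing action: any of these prefilters can deny the call.
            'save' => [
                'prefilters' => [
                    new ActionFilter\HttpMethod([ActionFilter\HttpMethod::METHOD_POST]),
                    new ActionFilter\Authentication(),  // HTTP 401, no redirect
                    new ActionFilter\Csrf(),            // checks the 'sessid' token
                    new ActionFilter\Scope(ActionFilter\Scope::AJAX),
                    new ActionFilter\ContentType(['application/json']),
                ],
            ],
            // Read-only action: GET only, session closed by the filter.
            'list' => [
                'prefilters' => [
                    new ActionFilter\HttpMethod([ActionFilter\HttpMethod::METHOD_GET]),
                    new ActionFilter\Authentication(),
                    new ActionFilter\CloseSession(),
                ],
            ],
        ];
    }
    // JsonPayload is registered by the ContentType filter for application/json.
    public function saveAction(JsonPayload $payload)
    {
        $data = $payload->getData();
        $title = is_array($data) && isset($data['title']) ? trim((string)$data['title']) : '';
        if ($title === '') {
            $this->addError(new Error('title is required'));
            return null;
        }
        return ['title' => $title];
    }

    public function listAction()
    {
        return ['items' => []]; // no $_SESSION writes here: session is already closed
    }
}
```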