Documentation

ActionFilter

Filter - are handlers, executed before or after an Action. Filters can be used to deny action or to affect the action's result.

There two types of filters:

  • prefilter - executed before initiating an Action. Can deny the action.
  • postfilter - executed after initiating an Action. Can modify the completed action result.

\Bitrix\Main\Engine\ActionFilter\HttpMethod

Checks, which http method launches the action and blocks it, if method wasn't enumerated.

Method Parameter and description Available from version
__construct(
   array $allowedMethods = [self::METHOD_GET]
)
 $allowedMethods {array}. List of permitted http methods. By default - GET.

\Bitrix\Main\Engine\ActionFilter\Authentication

Checks, if user is authenticated and blocks execution of an action when failing the check, by setting http status 401. Can execute a redirect to the authorisation page when required.

Method Parameter and description Available from version
__construct(
   $enableRedirect = false
)
 $enableRedirect {bool}. Enables or disables automatic redirect to authorization page, when check is unsuccessful. False by default.

\Bitrix\Main\Engine\ActionFilter\Csrf

Checks for availability and validity the csrf token and blocks action, when the check is unsuccessful.

Method Parameter and description Available from version
__construct(
   $enabled = true,
   $tokenName = 'sessid',
   $returnNew = true
)
  • $enabled {bool} Enables or disables check of token. True by default.
  • $tokenName {string} Name used to pass the token's value. Used for searching in $_GET, $_POST. Sessid by default.
  • $returnNew {bool} Signals, if a new token value must be returned after unsuccessful check. Note that \Bitrix\Main\Error::$customData is used to return result. True by default.

\Bitrix\Main\Engine\ActionFilter\CloseSession

Executes session_write_close() before completing an action. Attention! Extra caution is required when using this filter! After closing the session, all its updates won't be saved. Find more details about how sessions work in this documentation at php.net.

Method Parameter and description Available from version
__construct(
   $enabled = true
)
 $enabled {bool}. Enables or disables filter.True by default.

\Bitrix\Main\Engine\ActionFilter\Scope

Allows blocking specific actions for indicated scope. For example, only specific actions can be opened for REST, but all the rest of actions will be available for AJAX only.

use \Bitrix\Main\Engine\ActionFilter\Scope;

new Scope(Scope::NOT_REST); //allow everywhere, except REST
new Scope(Scope::AJAX); //allow only in AJAX
Method Parameter and description Available from version
__construct(
   $scopes
)
 $scopes {int} Enumerated available scopes. Bit masks are used for validation. Available variants can be found in constants of class \Bitrix\Main\Engine\ActionFilter\Scope;

\Bitrix\Main\Engine\ActionFilter\Cors

Sets response headers for managing CORS.

Method Parameter and description Available from version
__construct(
   string $origin = null,
   bool $credentials = false
)
  • $origin {string} Used for setting the header Access-Control-Allow-Origin.Null by default.
  • $credentials {bool} If true, sets the header Access-Control-Allow-Credentials.False by default.

\Bitrix\Main\Engine\ActionFilter\ContentType

Filter allows executing action only in case of allowed content-type included in response. Handling application/json, automatically will register the object \Bitrix\Main\Engine\JsonPayload, which can be embed into parameters via parameters of AJAX action.

Method Parameter and description Available from version
__construct(
   array $allowedTypes
)
 $allowedTypes {array}. Enumeration of allowed content-type. For example, ['application/json'].

\Bitrix\Main\Engine\ActionFilter\PostDecode

Filter re-codes data from POST query, when project's internal encoding differs from UTF-8.


© «Bitrix24», 2001-2024
Up