Chris@0: <?php
Chris@0: 
Chris@0: namespace Drupal\big_pipe\Controller;
Chris@0: 
Chris@0: use Drupal\big_pipe\Render\Placeholder\BigPipeStrategy;
Chris@0: use Drupal\Core\Cache\CacheableMetadata;
Chris@0: use Drupal\Core\Routing\LocalRedirectResponse;
Chris@0: use Symfony\Component\HttpFoundation\Cookie;
Chris@0: use Symfony\Component\HttpFoundation\Request;
Chris@0: use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
Chris@0: use Symfony\Component\HttpKernel\Exception\HttpException;
Chris@0: 
Chris@0: /**
Chris@0:  * Returns responses for BigPipe module routes.
Chris@0:  */
Chris@0: class BigPipeController {
Chris@0: 
Chris@0:   /**
Chris@0:    * Sets a BigPipe no-JS cookie, redirects back to the original location.
Chris@0:    *
Chris@0:    * @param \Symfony\Component\HttpFoundation\Request $request
Chris@0:    *   The current request.
Chris@0:    *
Chris@0:    * @return \Drupal\Core\Routing\LocalRedirectResponse
Chris@0:    *   A response that sets the no-JS cookie and redirects back to the original
Chris@0:    *   location.
Chris@0:    *
Chris@0:    * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
Chris@0:    *   Thrown when the no-JS cookie is already set or when there is no session.
Chris@0:    * @throws \Symfony\Component\HttpKernel\Exception\HttpException
Chris@0:    *   Thrown when the original location is missing, i.e. when no 'destination'
Chris@0:    *   query argument is set.
Chris@0:    *
Chris@0:    * @see \Drupal\big_pipe\Render\Placeholder\BigPipeStrategy
Chris@0:    */
Chris@0:   public function setNoJsCookie(Request $request) {
Chris@0:     // This controller may only be accessed when the browser does not support
Chris@0:     // JavaScript. It is accessed automatically when that's the case thanks to
Chris@0:     // big_pipe_page_attachments(). When this controller is executed, deny
Chris@0:     // access when either:
Chris@0:     // - the no-JS cookie is already set: this indicates a redirect loop, since
Chris@0:     //   the cookie was already set, yet the user is executing this controller;
Chris@0:     // - there is no session, in which case BigPipe is not enabled anyway, so it
Chris@0:     //   is pointless to set this cookie.
Chris@18:     if ($request->cookies->has(BigPipeStrategy::NOJS_COOKIE) || !$request->hasSession()) {
Chris@0:       throw new AccessDeniedHttpException();
Chris@0:     }
Chris@0: 
Chris@0:     if (!$request->query->has('destination')) {
Chris@0:       throw new HttpException(400, 'The original location is missing.');
Chris@0:     }
Chris@0: 
Chris@0:     $response = new LocalRedirectResponse($request->query->get('destination'));
Chris@0:     // Set cookie without httpOnly, so that JavaScript can delete it.
Chris@18:     $response->headers->setCookie(new Cookie(BigPipeStrategy::NOJS_COOKIE, TRUE, 0, '/', NULL, FALSE, FALSE, FALSE, NULL));
Chris@0:     $response->addCacheableDependency((new CacheableMetadata())->addCacheContexts(['cookies:' . BigPipeStrategy::NOJS_COOKIE, 'session.exists']));
Chris@0:     return $response;
Chris@0:   }
Chris@0: 
Chris@0: }