March 11, 2020 Javier Eguiluz

Some web sites have a "safe" mode to assist those who don't want to be exposed to content to which they might object. Instead of configuring this option for each web site, browser can indicate your safe preference to all web sites.

This feature is fully explained in the RFC 8674 document. Broadly speaking, browsers requesting safe content add the Prefer: safe HTTP header and servers honoring it include these headers in their responses: Preference-Applied: safe and Vary: Prefer .

In Symfony 5.1, we added support for this feature in the HttpFoundation component. First, you can check if a user requested safe content:

1 2 3 4 // $request is an instance of Symfony\Component\HttpFoundation\Request if ( $request -> preferSafeContent ()) { // ... }

If you fulfilled the safe request, use the setContentSafe() method on the response to add the needed HTTP headers:

1 2 3 4 use Symfony\Component\HttpFoundation\Response ; $response = new Response ( '...' ); $response -> setContentSafe ();