view method

HttpResponse view(String template, [ ViewData? data ])

Implementation

HttpResponse view(String template, [ViewData? data]) {
  final engine = App().container.make<TemplateEngine>();
  final html = engine.render(template, data ?? {});

  final res = response;
  final config = App().container.make<AppConfig>();

  // --- Performance headers ---
  res.headers.contentType = ContentType.html;
  res.headers.set(HttpHeaders.cacheControlHeader,
      'public, max-age=300, must-revalidate');
  res.headers.set(HttpHeaders.varyHeader, 'Accept-Encoding');
  //
  // // --- Security headers ---
  res.headers.set('X-Content-Type-Options', 'nosniff');
  res.headers.set('X-Frame-Options', 'SAMEORIGIN');
  res.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
  res.headers.set('X-XSS-Protection', '1; mode=block');


  final cookie = Cookie(
    'xsrf-token-${config.get('app.timestamp').toString().replaceAll(':', '-')}',
    "${config.get('app.id')}",
  )
    ..httpOnly = true
    ..secure = true // only over HTTPS
    ..sameSite = SameSite.lax;

  return res
    ..cookies.add(cookie)
    ..write(html)
    ..close();
}