json method

HttpResponse json([
  1. dynamic data
])

Sends a JSON response with security headers and an XSRF cookie.

Implementation

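/// Sends [data] as a JSON response with status 200, a set of security
/// headers, and a freshly issued `archery_csrf_token` cookie.
///
/// [data] is passed to [jsonEncode]; when omitted it is `null`, so the body
/// is the JSON literal `null`.
///
/// Returns the [HttpResponse] after the body has been written and `close()`
/// has been invoked on it (the Future returned by `close()` is not awaited).
HttpResponse json([dynamic data]) {
  // --- Content type ---
  // Set once. The original assigned ContentType.html first and overwrote it
  // with ContentType.json further down, so the html assignment had no effect.
  response.headers.contentType = ContentType.json;

  // --- Caching ---
  // `private` rather than `public`: this response carries a Set-Cookie with a
  // newly generated CSRF token, and `public` explicitly allows shared caches
  // (proxies, CDNs) to store and replay it to other clients.
  // NOTE(review): if callers return per-user or sensitive data through this
  // helper, `no-store` is the safer default; confirm against the call sites.
  response.headers.set(
    HttpHeaders.cacheControlHeader,
    'private, max-age=300, must-revalidate',
  );
  response.headers.set(HttpHeaders.varyHeader, 'Accept-Encoding');

  // --- Security headers ---
  // nosniff stops browsers from MIME-sniffing the JSON body as another type.
  response.headers.set('X-Content-Type-Options', 'nosniff');
  response.headers.set('X-Frame-Options', 'SAMEORIGIN');
  response.headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
  // NOTE(review): X-XSS-Protection is a legacy header that current browsers
  // ignore; kept as-is here, but it should not be relied on as a control.
  response.headers.set('X-XSS-Protection', '1; mode=block');

  // --- CSRF cookie ---
  // httpOnly hides the cookie from page scripts, secure limits it to HTTPS,
  // and SameSite=Lax withholds it from cross-site subrequests.
  // NOTE(review): no `path` is set, so the browser derives the cookie path
  // from the request URL; confirm the token is meant to be scoped that way.
  // NOTE(review): a new value from App.generateKey() is issued on every call;
  // confirm the validating side expects the token to rotate per response.
  final csrfCookie = Cookie('archery_csrf_token', App.generateKey())
    ..httpOnly = true
    ..secure = true
    ..sameSite = SameSite.lax;

  return response
    ..statusCode = HttpStatus.ok
    ..cookies.add(csrfCookie)
    ..write(jsonEncode(data))
    ..close();
}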