Slim 4 - Cheatsheet and FAQ
09 Sep 2019
Table of Contents
- Slim 4 Changes
- Error 404
- Retrieving the current route
- Retrieving the current route arguments
- Accessing the RouteParser
- Retrieving the base path
- Reading the response body
- Receiving input
- CSRF protection
- SameSite cookies
- Dependency Injection
Slim 4 Changes
In the beginning many people have an issue with the error message: Error 404 (Not found)
First, make sure that you added the
$app = AppFactory::create(); // Add Routing Middleware $app->addRoutingMiddleware(); // ... $app->run();
Second, make sure that the correct base path is set:
Run Slim 4 From a Sub-Directory
This library can be used as a helper to determine the correct base path:
Retrieving the current route
$route = \Slim\Routing\RouteContext::fromRequest($request)->getRoute();
Retrieving the current route arguments
$routeArguments = \Slim\Routing\RouteContext::fromRequest($request)->getRoute()->getArguments();
Accessing the RouteParser
$routeParser = \Slim\Routing\RouteContext::fromRequest($request)->getRouteParser();
Retrieving the base path
$basePath = \Slim\Routing\RouteContext::fromRequest($request)->getBasePath(),
Reading the response body
$body = (string)$request->getBody();
If the request body is still empty, it could be an bug or an issue with chunked requests:
To receive the submitted JSON / XML data you have to add the
$app = AppFactory::create(); $app->addBodyParsingMiddleware(); // <--- here // ... $app->run();
BodyParsingMiddleware will only parse the body if the request header
Content-Type contains a supported value. Supported values are:
BodyParsingMiddleware also supports
More details: https://akrabat.com/receiving-input-into-a-slim-4-application/
Take a look a the “official” Slim-CSRF package.
With SameSite Cookies (available since PHP 7.3) you may no longer need CSRF protection:
As a general rule:
Your entire app should be unaware of the container.
Injecting the container is an anti-pattern. Please declare all class dependencies in your constructor explicitly instead.
Why is injecting the container (in the most cases) an anti-pattern?
In Slim 3 the Service Locator (anti-pattern) was the default “style” to inject the whole (Pimple) container and fetch the dependencies from it. Please don’t do this anymore!
- The Service Locator hides the real dependencies of your class.
- The Service Locator violates the Inversion of Control (IoC) principle of SOLID.
Q: How can I make it better?
A: Use Composition over inheritance and constructor dependency injection. Dependency injection is a programming practice of passing into an object it’s collaborators, rather the object itself creating them.
Since Slim 4 you can use modern Dependency Injection Container (DIC) like PHP-DI and league/container with the awesome autowire feature. This means: Now you can declare all dependencies explicitly in your constructor and let the DIC inject these dependencies for you.
To be more clear: “Composition” has nothing to do with the “Autowire” feature of the DIC. You can use composition with pure classes and without a container or anything else. The autowire feature just uses the PHP Reflection classes to resolve and inject the dependencies automatically for you.