From a729c4ab6e1ec747996464e8d975622c799d630c Mon Sep 17 00:00:00 2001 From: Marcus Kreusch Date: Fri, 10 Apr 2026 13:56:36 +0200 Subject: [PATCH] change order of sections to have the most general first --- .../apps/app-scripts/custom-endpoints.md | 72 +++++++++---------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/guides/plugins/apps/app-scripts/custom-endpoints.md b/guides/plugins/apps/app-scripts/custom-endpoints.md index ddd4b50fd8..a00061f29c 100644 --- a/guides/plugins/apps/app-scripts/custom-endpoints.md +++ b/guides/plugins/apps/app-scripts/custom-endpoints.md @@ -9,42 +9,6 @@ nav: If you want to execute some logic in Shopware and trigger the execution over an HTTP request or need some special data from Shopware over the API, you can create custom API endpoints in your app that allow you to execute a script when a request to that endpoint is made. -## Manipulate HTTP-headers to API responses - -::: info -Note that the `response` hook was added in v6.6.10.4 and is not available in earlier versions. -::: - -There is a specific `response` script hook, that allows you to manipulate the HTTP-headers of the response via app scripts. -This is especially useful to adjust the security headers to your needs. - -To add a custom header to every response, you can do the following: - -```twig -// Resources/scripts/response/response.twig -{% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %} -``` - -Additionally, you can check the current value of a given header and adjust it accordingly: - -```twig -// Resources/scripts/response/response.twig -{% if hook.getHeader('X-Frame-Options') == 'DENY' %} - {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %} -{% endif %} -``` - -You also have access to the route name of the current request and to the route scopes to control the headers for specific routes: - -```twig -// Resources/scripts/response/response.twig -{% if hook.routeName == 'frontend.detail.page' and hook.isInRouteScope('store-api') %} - {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %} -{% endif %} -``` - -The possible route scopes are `storefront`, `store-api`, `api` and `administration`. - ## Custom Endpoints There are specialized script-execution endpoints for the `api`, `store-api` and `storefront` scopes. @@ -163,6 +127,42 @@ Additionally, it is also possible to redirect to an existing route: For a complete overview of the available data and services, refer to the [reference documentation](../../../../resources/references/app-reference/script-reference/script-hooks-reference#storefront-hook). +## Manipulate HTTP-headers to API responses + +::: info +Note that the `response` hook was added in v6.6.10.4 and is not available in earlier versions. +::: + +There is a specific `response` script hook, that allows you to manipulate the HTTP-headers of the response via app scripts. +This is especially useful to adjust the security headers to your needs. + +To add a custom header to every response, you can do the following: + +```twig +// Resources/scripts/response/response.twig +{% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %} +``` + +Additionally, you can check the current value of a given header and adjust it accordingly: + +```twig +// Resources/scripts/response/response.twig +{% if hook.getHeader('X-Frame-Options') == 'DENY' %} + {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %} +{% endif %} +``` + +You also have access to the route name of the current request and to the route scopes to control the headers for specific routes: + +```twig +// Resources/scripts/response/response.twig +{% if hook.routeName == 'frontend.detail.page' and hook.isInRouteScope('store-api') %} + {% do hook.setHeader('X-Frame-Options', 'SAMEORIGIN') %} +{% endif %} +``` + +The possible route scopes are `storefront`, `store-api`, `api` and `administration`. + ## Caching To improve the end-user experience and provide a scalable system, the customer-facing APIs (i.e., `store-api` and `storefront`) offer a caching mechanism to cache the response to specific requests and return the response from the cache on further requests instead of computing it again and again on each request.