DenyTestAuthRequests.php

Same filename in other branches
  1. 9 core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php
  2. 8.9.x core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php
  3. 10 core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php

Namespace

Drupal\rest_test\PageCache\RequestPolicy

File

core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php

View source
<?php

declare (strict_types=1);
namespace Drupal\rest_test\PageCache\RequestPolicy;

use Drupal\Core\PageCache\RequestPolicyInterface;
use Symfony\Component\HttpFoundation\Request;

/**
 * Cache policy for pages requested with REST Test Auth.
 *
 * This policy disallows caching of requests that use the REST Test Auth
 * authentication provider for security reasons (just like basic_auth).
 * Otherwise responses for authenticated requests can get into the page cache
 * and could be delivered to unprivileged users.
 *
 * @see \Drupal\rest_test\Authentication\Provider\TestAuth
 * @see \Drupal\rest_test\Authentication\Provider\TestAuthGlobal
 * @see \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests
 */
class DenyTestAuthRequests implements RequestPolicyInterface {
    
    /**
     * {@inheritdoc}
     */
    public function check(Request $request) {
        if ($request->headers
            ->has('REST-test-auth') || $request->headers
            ->has('REST-test-auth-global')) {
            return self::DENY;
        }
    }

}

Classes

Title Deprecated Summary
DenyTestAuthRequests Cache policy for pages requested with REST Test Auth.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.