You are here

Home » API reference » Drupal 10 » AjaxBasePageNegotiator.php » AjaxBasePageNegotiator

public function AjaxBasePageNegotiator::determineActiveTheme in Drupal 10

Same name and namespace in other branches
  1. 8 core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()
  2. 9 core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()

File

core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php, line 75

Class

AjaxBasePageNegotiator
Defines a theme negotiator that deals with the active theme on ajax requests.

Namespace

Drupal\Core\Theme

Code

public function determineActiveTheme(RouteMatchInterface $route_match) {
  $ajax_page_state = $this->requestStack
    ->getCurrentRequest()->request
    ->all('ajax_page_state');
  $theme = $ajax_page_state['theme'];
  $token = $ajax_page_state['theme_token'];

  // Prevent a request forgery from giving a person access to a theme they
  // shouldn't be otherwise allowed to see. However, since everyone is
  // allowed to see the default theme, token validation isn't required for
  // that, and bypassing it allows most use-cases to work even when accessed
  // from the page cache.
  if ($theme === $this->configFactory
    ->get('system.theme')
    ->get('default') || $this->csrfGenerator
    ->validate($token, $theme)) {
    return $theme;
  }
}