public function AjaxBasePageNegotiator::determineActiveTheme in Drupal 10
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()
- 9 core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()
File
- core/
lib/ Drupal/ Core/ Theme/ AjaxBasePageNegotiator.php, line 75
Class
- AjaxBasePageNegotiator
- Defines a theme negotiator that deals with the active theme on ajax requests.
Namespace
Drupal\Core\ThemeCode
public function determineActiveTheme(RouteMatchInterface $route_match) {
$ajax_page_state = $this->requestStack
->getCurrentRequest()->request
->all('ajax_page_state');
$theme = $ajax_page_state['theme'];
$token = $ajax_page_state['theme_token'];
// Prevent a request forgery from giving a person access to a theme they
// shouldn't be otherwise allowed to see. However, since everyone is
// allowed to see the default theme, token validation isn't required for
// that, and bypassing it allows most use-cases to work even when accessed
// from the page cache.
if ($theme === $this->configFactory
->get('system.theme')
->get('default') || $this->csrfGenerator
->validate($token, $theme)) {
return $theme;
}
}