You are here

class DenyTestAuthRequests in Drupal 10

Same name and namespace in other branches
  1. 8 core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php \Drupal\rest_test\PageCache\RequestPolicy\DenyTestAuthRequests
  2. 9 core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php \Drupal\rest_test\PageCache\RequestPolicy\DenyTestAuthRequests

Cache policy for pages requested with REST Test Auth.

This policy disallows caching of requests that use the REST Test Auth authentication provider for security reasons (just like basic_auth). Otherwise responses for authenticated requests can get into the page cache and could be delivered to unprivileged users.

Hierarchy

Expanded class hierarchy of DenyTestAuthRequests

See also

\Drupal\rest_test\Authentication\Provider\TestAuth

\Drupal\rest_test\Authentication\Provider\TestAuthGlobal

\Drupal\basic_auth\PageCache\DisallowBasicAuthRequests

1 string reference to 'DenyTestAuthRequests'
rest_test.services.yml in core/modules/rest/tests/modules/rest_test/rest_test.services.yml
core/modules/rest/tests/modules/rest_test/rest_test.services.yml
1 service uses DenyTestAuthRequests
rest_test.page_cache_request_policy.deny_test_auth_requests in core/modules/rest/tests/modules/rest_test/rest_test.services.yml
Drupal\rest_test\PageCache\RequestPolicy\DenyTestAuthRequests

File

core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php, line 20

Namespace

Drupal\rest_test\PageCache\RequestPolicy
View source
class DenyTestAuthRequests implements RequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    if ($request->headers
      ->has('REST-test-auth') || $request->headers
      ->has('REST-test-auth-global')) {
      return self::DENY;
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DenyTestAuthRequests::check public function Determines whether delivery of a cached page should be attempted. Overrides RequestPolicyInterface::check
RequestPolicyInterface::ALLOW constant Allow delivery of cached pages.
RequestPolicyInterface::DENY constant Deny delivery of cached pages.