class DenyTestAuthRequests in Drupal 10

Same name and namespace in other branches

8 core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php \Drupal\rest_test\PageCache\RequestPolicy\DenyTestAuthRequests
9 core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php \Drupal\rest_test\PageCache\RequestPolicy\DenyTestAuthRequests

Cache policy for pages requested with REST Test Auth.

This policy disallows caching of requests that use the REST Test Auth authentication provider for security reasons (just like basic_auth). Otherwise responses for authenticated requests can get into the page cache and could be delivered to unprivileged users.

Hierarchy

class \Drupal\rest_test\PageCache\RequestPolicy\DenyTestAuthRequests implements RequestPolicyInterface

Expanded class hierarchy of DenyTestAuthRequests

File

core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php, line 20

Namespace

Drupal\rest_test\PageCache\RequestPolicy

View source

class DenyTestAuthRequests implements RequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    if ($request->headers
      ->has('REST-test-auth') || $request->headers
      ->has('REST-test-auth-global')) {
      return self::DENY;
    }
  }

}

Members

Name	Modifiers	Type	Description
DenyTestAuthRequests::check	public	function	Determines whether delivery of a cached page should be attempted. Overrides RequestPolicyInterface::check
RequestPolicyInterface::ALLOW		constant	Allow delivery of cached pages.
RequestPolicyInterface::DENY		constant	Deny delivery of cached pages.

You are here

class DenyTestAuthRequests in Drupal 10

Hierarchy

See also

File

Namespace

Members

API Navigation