protected function CookieResourceTestTrait::assertAuthenticationEdgeCases in Drupal 8
Same name and namespace in other branches
- 9 core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertAuthenticationEdgeCases()
- 10 core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertAuthenticationEdgeCases()
File
- core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php, line 126
Class
- CookieResourceTestTrait
- Trait for ResourceTestBase subclasses testing $auth=cookie.
Namespace
Drupal\Tests\rest\Functional
Code
```php
protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
  // X-CSRF-Token request header is unnecessary for safe and side effect-free
  // HTTP methods. No need for additional assertions.
  // @see https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
  if (in_array($method, ['HEAD', 'GET', 'OPTIONS', 'TRACE'])) {
    return;
  }

  unset($request_options[RequestOptions::HEADERS]['X-CSRF-Token']);

  // DX: 403 when missing X-CSRF-Token request header.
  $response = $this->request($method, $url, $request_options);
  $this->assertResourceErrorResponse(403, 'X-CSRF-Token request header is missing', $response);

  $request_options[RequestOptions::HEADERS]['X-CSRF-Token'] = 'this-is-not-the-token-you-are-looking-for';

  // DX: 403 when invalid X-CSRF-Token request header.
  $response = $this->request($method, $url, $request_options);
  $this->assertResourceErrorResponse(403, 'X-CSRF-Token request header is invalid', $response);

  $request_options[RequestOptions::HEADERS]['X-CSRF-Token'] = $this->csrfToken;
}
```
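The three cases this test exercises (safe method, missing header, wrong token), seen from the server's side. This is an added example and a simplified stand-in, not Drupal's implementation; `check_csrf_header()`, the lower-cased `$headers` map and `$session_token` are assumptions made for illustration.

```php
<?php
// Added example: simplified stand-in for the server-side check, not Drupal's code.

// Methods treated as safe, matching the list in the test above.
const SAFE_METHODS = ['HEAD', 'GET', 'OPTIONS', 'TRACE'];

/**
 * Decides whether a cookie-authenticated request passes the CSRF header check.
 *
 * $headers maps lower-cased header names to values and $session_token is the
 * token issued for the session (both hypothetical inputs).
 *
 * Returns NULL when the request may proceed, or [status, message] on denial.
 */
function check_csrf_header(string $method, array $headers, string $session_token): ?array {
  // Safe methods are not expected to change state, so no token is required.
  if (in_array(strtoupper($method), SAFE_METHODS, TRUE)) {
    return NULL;
  }
  if (!isset($headers['x-csrf-token'])) {
    return [403, 'X-CSRF-Token request header is missing'];
  }
  $sent = $headers['x-csrf-token'];
  // hash_equals() compares in constant time, so response timing does not
  // reveal how much of a guessed token was correct.
  if (!is_string($sent) || !hash_equals($session_token, $sent)) {
    return [403, 'X-CSRF-Token request header is invalid'];
  }
  return NULL;
}

// Constructed sample requests covering each branch.
$token = bin2hex(random_bytes(16));
$cases = [
  ['GET', []],
  ['POST', []],
  ['POST', ['x-csrf-token' => 'this-is-not-the-token-you-are-looking-for']],
  ['PATCH', ['x-csrf-token' => $token]],
];
foreach ($cases as [$method, $headers]) {
  $denied = check_csrf_header($method, $headers, $token);
  printf("%-6s %s\n", $method, $denied ? "{$denied[0]} {$denied[1]}" : 'allowed');
}
```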