csrf_test.routing.yml in Drupal 8
Same filename and directory in other branches
core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml
1 string reference to YAML keys in csrf_test.routing.yml
- CsrfRequestHeaderTest::testRouteAccess in core/
modules/ system/ tests/ src/ Functional/ CsrfRequestHeaderTest.php - Tests access to routes protected by CSRF request header requirements.
File
core/modules/system/tests/modules/csrf_test/csrf_test.routing.ymlView source
- # Tests CSRF request header token protection.
- csrf_test.protected:
- path: csrf/protected
- defaults:
- _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
- requirements:
- _csrf_request_header_token: 'TRUE'
- _method: 'POST'
- # Tests deprecated _access_rest_csrf protection.
- # This originally was in the REST module but now is supported in core/lib.
- # @see https://www.drupal.org/node/2753681
- # @todo Remove the route in drupal:10.0.0 https://www.drupal.org/node/3115308
- csrf_test.deprecated.protected:
- path: csrf/deprecated/protected
- defaults:
- _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
- requirements:
- _access_rest_csrf: 'TRUE'
- _method: 'POST'
- # @todo Remove this route in drupal:10.0.0 https://www.drupal.org/node/3115308
- # @see \Drupal\Core\Access\CsrfRequestHeaderAccessCheck::access()
- csrf_test.deprecated.csrftoken:
- path: '/deprecated/session/token'
- defaults:
- _controller: '\Drupal\csrf_test\Controller\DeprecatedCsrfTokenController::csrfToken'
- requirements:
- _access: 'TRUE'