You are here

csrf_test.routing.yml in Drupal 8

Same filename and directory in other branches
  1. 9 core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml
core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml

File

core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml
View source
  1. # Tests CSRF request header token protection.
  2. csrf_test.protected:
  3. path: csrf/protected
  4. defaults:
  5. _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
  6. requirements:
  7. _csrf_request_header_token: 'TRUE'
  8. _method: 'POST'
  9. # Tests deprecated _access_rest_csrf protection.
  10. # This originally was in the REST module but now is supported in core/lib.
  11. # @see https://www.drupal.org/node/2753681
  12. # @todo Remove the route in drupal:10.0.0 https://www.drupal.org/node/3115308
  13. csrf_test.deprecated.protected:
  14. path: csrf/deprecated/protected
  15. defaults:
  16. _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
  17. requirements:
  18. _access_rest_csrf: 'TRUE'
  19. _method: 'POST'
  20. # @todo Remove this route in drupal:10.0.0 https://www.drupal.org/node/3115308
  21. # @see \Drupal\Core\Access\CsrfRequestHeaderAccessCheck::access()
  22. csrf_test.deprecated.csrftoken:
  23. path: '/deprecated/session/token'
  24. defaults:
  25. _controller: '\Drupal\csrf_test\Controller\DeprecatedCsrfTokenController::csrfToken'
  26. requirements:
  27. _access: 'TRUE'