You are here

class DisallowJwtAuthRequests in JSON Web Token Authentication (JWT) 8

Same name and namespace in other branches
  1. 8.0 src/PageCache/DisallowJwtAuthRequests.php \Drupal\jwt\PageCache\DisallowJwtAuthRequests

Cache policy for pages served from JWT auth.

This policy disallows caching of requests that use jwt_auth for security reasons. Otherwise responses for authenticated requests can get into the page cache and could be delivered to unprivileged users.

Hierarchy

Expanded class hierarchy of DisallowJwtAuthRequests

1 string reference to 'DisallowJwtAuthRequests'
jwt.services.yml in ./jwt.services.yml
jwt.services.yml
1 service uses DisallowJwtAuthRequests
jwt.page_cache_request_policy.disallow_jwt_auth_requests in ./jwt.services.yml
Drupal\jwt\PageCache\DisallowJwtAuthRequests

File

src/PageCache/DisallowJwtAuthRequests.php, line 16

Namespace

Drupal\jwt\PageCache
View source
class DisallowJwtAuthRequests implements RequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    if (JwtAuth::getJwtFromRequest($request)) {
      return self::DENY;
    }
    return NULL;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DisallowJwtAuthRequests::check public function Determines whether delivery of a cached page should be attempted. Overrides RequestPolicyInterface::check
RequestPolicyInterface::ALLOW constant Allow delivery of cached pages.
RequestPolicyInterface::DENY constant Deny delivery of cached pages.