class DisallowJwtAuthRequests in JSON Web Token Authentication (JWT) 8.0

Same name and namespace in other branches
  1. 8 src/PageCache/DisallowJwtAuthRequests.php \Drupal\jwt\PageCache\DisallowJwtAuthRequests

Cache policy for pages served from JWT auth.

For security reasons, this policy disallows caching of requests that use jwt_auth. Otherwise, responses to authenticated requests could enter the page cache and be delivered to unprivileged users.


1 string reference to 'DisallowJwtAuthRequests'
jwt.services.yml in ./jwt.services.yml
1 service uses DisallowJwtAuthRequests
jwt.page_cache_request_policy.disallow_jwt_auth_requests in ./jwt.services.yml
Drupal\jwt\PageCache\DisallowJwtAuthRequests

File

src/PageCache/DisallowJwtAuthRequests.php, line 15

Namespace

Drupal\jwt\PageCache
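namespace Drupal\jwt\PageCache;

use Drupal\Core\PageCache\RequestPolicyInterface;
use Symfony\Component\HttpFoundation\Request;

class DisallowJwtAuthRequests implements RequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    // Default to '' so preg_match() never receives NULL when the header is
    // absent.
    $auth = $request->headers->get('Authorization', '');
    // A bearer token marks the request as JWT-authenticated: keep it out of
    // the page cache.
    if (preg_match('/^Bearer .+/', $auth)) {
      return self::DENY;
    }
    // No opinion; other request policies decide.
    return NULL;
  }

}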
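
The failure mode this policy prevents, as an added stand-alone example (not code from the jwt module or Drupal): a toy cache keyed only by URL, exercised once without and once with the same header check. The names `jwt_policy`, `render` and `serve`, the `/account` path and the token value are constructed for illustration, and the cache is a simplification of Drupal's page cache.

```php
<?php
// Toy model only: a cache keyed by URL, with an optional veto callback.
// None of these names are Drupal or jwt module APIs.

const DENY = 'deny';

// Same rule as DisallowJwtAuthRequests::check(), applied to a plain array.
function jwt_policy(array $headers): ?string {
  $auth = $headers['Authorization'] ?? '';
  return preg_match('/^Bearer .+/', $auth) ? DENY : NULL;
}

// Constructed backend: the body depends on whether credentials were sent.
function render(array $headers): string {
  return isset($headers['Authorization'])
    ? 'private: account details for the token owner'
    : 'public: please log in';
}

// Serve a request through the toy cache. A DENY from $policy skips both
// the cache lookup and the cache write for that request.
function serve(string $url, array $headers, array &$cache, ?callable $policy): string {
  $cacheable = $policy === NULL || $policy($headers) !== DENY;
  if ($cacheable && isset($cache[$url])) {
    return $cache[$url] . ' [cache hit]';
  }
  $body = render($headers);
  if ($cacheable) {
    $cache[$url] = $body;
  }
  return $body;
}

$jwt = ['Authorization' => 'Bearer constructed.sample.token'];
$anon = [];

foreach (['without policy' => NULL, 'with policy' => 'jwt_policy'] as $label => $policy) {
  $cache = [];
  // The authenticated request arrives first and may populate the cache.
  serve('/account', $jwt, $cache, $policy);
  // The anonymous request for the same URL follows.
  $seen = serve('/account', $anon, $cache, $policy);
  echo "$label: anonymous visitor receives \"$seen\"\n";
}
```

Run with the PHP CLI: without the policy the anonymous request is answered from the entry the bearer-token request stored, and with the policy that entry is never written.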

Members

| Name | Modifiers | Type | Description | Overrides |
| --- | --- | --- | --- | --- |
| DisallowJwtAuthRequests::check | public | function | Determines whether delivery of a cached page should be attempted. | Overrides RequestPolicyInterface::check |
| RequestPolicyInterface::ALLOW | | constant | Allow delivery of cached pages. | |
| RequestPolicyInterface::DENY | | constant | Deny delivery of cached pages. | |