class DisallowOauthRequests in OAuth 1.0 8.2

Cache policy for pages served from OAuth.

This policy disallows caching of requests that use OAuth for security reasons. Otherwise responses for authenticated requests can get into the page cache and could be delivered to unprivileged users.

Hierarchy

class \Drupal\oauth\PageCache\DisallowOauthRequests implements RequestPolicyInterface

Expanded class hierarchy of DisallowOauthRequests

1 string reference to 'DisallowOauthRequests'

oauth.services.yml in ./oauth.services.yml: oauth.services.yml

1 service uses DisallowOauthRequests

oauth.page_cache_request_policy.disallow_oauth_requests in ./oauth.services.yml: Drupal\oauth\PageCache\DisallowOauthRequests

File

src/PageCache/DisallowOauthRequests.php, line 15

Namespace

Drupal\oauth\PageCache

View source

class DisallowOauthRequests implements RequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    $authorization = $request->headers
      ->get('authorization');
    if (strpos($authorization, 'OAuth') === 0) {
      return self::DENY;
    }
  }

}

Members

Name	Modifiers	Type	Description
DisallowOauthRequests::check	public	function	Determines whether delivery of a cached page should be attempted. Overrides RequestPolicyInterface::check
RequestPolicyInterface::ALLOW		constant	Allow delivery of cached pages.
RequestPolicyInterface::DENY		constant	Deny delivery of cached pages.

You are here

class DisallowOauthRequests in OAuth 1.0 8.2

Hierarchy

File

Namespace

Members

API Navigation