protected function Resource::accessByAllowOrigin in RESTful 7.2

Checks access based on the referer header and the allowOrigin setting.

Return value

bool TRUE if the access is granted. FALSE otherwise.

1 call to Resource::accessByAllowOrigin()
Resource::access in src/Plugin/resource/Resource.php
Determine if user can access the handler.

File

src/Plugin/resource/Resource.php, line 579
Contains \Drupal\restful\Plugin\resource\Resource.

Class

Resource

Namespace

Drupal\restful\Plugin\resource

Code

protected function accessByAllowOrigin() {

  // Check the referrer header and return false if it does not match the
  // Access-Control-Allow-Origin
  $referer = $this
    ->getRequest()
    ->getHeaders()
    ->get('Referer')
    ->getValueString();

  // If there is no allow_origin assume that it is allowed. Also, if there is
  // no referer then grant access since the request probably was not
  // originated from a browser.
  $plugin_definition = $this
    ->getPluginDefinition();
  $origin = isset($plugin_definition['allowOrigin']) ? $plugin_definition['allowOrigin'] : NULL;
  if (empty($origin) || $origin == '*' || !$referer) {
    return TRUE;
  }
  return strpos($referer, $origin) === 0;
}
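
The last line of accessByAllowOrigin() is a string-prefix comparison, so any Referer that merely begins with the allowOrigin value passes, and a Referer that differs only in host case fails. The following is an added example, not part of the RESTful module: it runs that comparison beside a whole-origin comparison on constructed values. prefix_check(), origin_of() and origin_check() are hypothetical names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not RESTful module code. All function names are hypothetical.

// Same comparison as accessByAllowOrigin(): Referer must start with allowOrigin.
function prefix_check(string $referer, string $origin): bool {
  return strpos($referer, $origin) === 0;
}

// Reduce a URL to scheme://host[:port], lowercased, dropping default ports.
function origin_of(string $url): ?string {
  $p = parse_url($url);
  if ($p === FALSE || empty($p['scheme']) || empty($p['host'])) {
    return NULL;
  }
  $scheme = strtolower($p['scheme']);
  $host = strtolower($p['host']);
  $defaults = ['http' => 80, 'https' => 443];
  $default_port = $defaults[$scheme] ?? NULL;
  $port = $p['port'] ?? $default_port;
  $origin = $scheme . '://' . $host;
  if ($port !== NULL && $port !== $default_port) {
    $origin .= ':' . $port;
  }
  return $origin;
}

// Stricter variant: compare whole origins instead of string prefixes.
function origin_check(string $referer, string $allow_origin): bool {
  $a = origin_of($referer);
  $b = origin_of($allow_origin);
  return $a !== NULL && $a === $b;
}

// Constructed sample values.
$allow = 'https://app.example.com';
$referers = [
  'https://app.example.com/dashboard',
  'https://app.example.com.other.test/page',
  'https://app.example.com:8443/page',
  'https://APP.example.com/dashboard',
];
foreach ($referers as $r) {
  printf("%-42s prefix=%-5s origin=%s\n", $r,
    var_export(prefix_check($r, $allow), TRUE),
    var_export(origin_check($r, $allow), TRUE));
}
```

With these values the prefix comparison accepts the first three referers and rejects the fourth, while the origin comparison accepts only the first and fourth.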