public function CSRFTokenAccessCheck::access in Services 9.0.x
Same name and namespace in other branches
- 8.4 src/Access/CSRFTokenAccessCheck.php \Drupal\services\Access\CSRFTokenAccessCheck::access()
File
- src/Access/CSRFTokenAccessCheck.php, line 47
Class
CSRFTokenAccessCheck
Namespace
Drupal\services\Access
Code
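public function access(Request $request, AccountInterface $account) {
  // The token is only checked for an authenticated account using a
  // restricted method when the request carries a session.
  if ($account->isAuthenticated() && in_array($request->getMethod(), $this->restrictedMethods()) && $this->sessionConfiguration->hasSession($request)) {
    $csrf_token = $request->headers->get('X-CSRF-Token');
    // The header value must validate against the 'services' token value.
    if (!\Drupal::csrfToken()->validate($csrf_token, 'services')) {
      return AccessResult::forbidden('CSRF validation failed')->setCacheMaxAge(0);
    }
  }
  // A max-age of 0 keeps the access result out of the cache.
  return AccessResult::allowed()->setCacheMaxAge(0);
}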