public function CSRFTokenAccessCheck::access in Services 9.0.x

Same name and namespace in other branches
  1. 8.4 src/Access/CSRFTokenAccessCheck.php \Drupal\services\Access\CSRFTokenAccessCheck::access()

File

src/Access/CSRFTokenAccessCheck.php, line 47

Class

CSRFTokenAccessCheck
Class \Drupal\services\Access\CSRFTokenAccessCheck.

Namespace

Drupal\services\Access

Code

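public function access(Request $request, AccountInterface $account) {
  // The token is enforced only for authenticated accounts sending a
  // restricted HTTP method on a request that carries a session.
  if ($account->isAuthenticated() && in_array($request->getMethod(), $this->restrictedMethods()) && $this->sessionConfiguration->hasSession($request)) {
    $csrf_token = $request->headers->get('X-CSRF-Token');
    // Validate the X-CSRF-Token header against the 'services' token value.
    if (!\Drupal::csrfToken()->validate($csrf_token, 'services')) {
      return AccessResult::forbidden('CSRF validation failed')->setCacheMaxAge(0);
    }
  }
  // Every other request is allowed; neither result is cached.
  return AccessResult::allowed()->setCacheMaxAge(0);
}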