You are here

DisallowBasicAuthRequests.php in Zircon Profile 8

File

core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php
View source
<?php

/**
 * @file
 * Contains \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests.
 */
namespace Drupal\basic_auth\PageCache;

use Drupal\Core\PageCache\RequestPolicyInterface;
use Symfony\Component\HttpFoundation\Request;

/**
 * Cache policy for pages served from basic auth.
 *
 * This policy disallows caching of requests that use basic_auth for security
 * reasons. Otherwise responses for authenticated requests can get into the
 * page cache and could be delivered to unprivileged users.
 */
class DisallowBasicAuthRequests implements RequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    $username = $request->headers
      ->get('PHP_AUTH_USER');
    $password = $request->headers
      ->get('PHP_AUTH_PW');
    if (isset($username) && isset($password)) {
      return self::DENY;
    }
  }

}

Classes

Namesort descending Description
DisallowBasicAuthRequests Cache policy for pages served from basic auth.