DisallowBasicAuthRequests.php in Zircon Profile 8
Same filename and directory in other branches
Namespace
Drupal\basic_auth\PageCacheFile
core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.phpView source
<?php
/**
* @file
* Contains \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests.
*/
namespace Drupal\basic_auth\PageCache;
use Drupal\Core\PageCache\RequestPolicyInterface;
use Symfony\Component\HttpFoundation\Request;
/**
* Cache policy for pages served from basic auth.
*
* This policy disallows caching of requests that use basic_auth for security
* reasons. Otherwise responses for authenticated requests can get into the
* page cache and could be delivered to unprivileged users.
*/
class DisallowBasicAuthRequests implements RequestPolicyInterface {
/**
* {@inheritdoc}
*/
public function check(Request $request) {
$username = $request->headers
->get('PHP_AUTH_USER');
$password = $request->headers
->get('PHP_AUTH_PW');
if (isset($username) && isset($password)) {
return self::DENY;
}
}
}Classes
Name |
Description |
|---|---|
| DisallowBasicAuthRequests | Cache policy for pages served from basic auth. |