You are here

class DisallowBasicAuthRequests in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests

Cache policy for pages served from basic auth.

This policy disallows caching of requests that use basic_auth for security reasons. Otherwise responses for authenticated requests can get into the page cache and could be delivered to unprivileged users.

Hierarchy

Expanded class hierarchy of DisallowBasicAuthRequests

1 string reference to 'DisallowBasicAuthRequests'
basic_auth.services.yml in core/modules/basic_auth/basic_auth.services.yml
core/modules/basic_auth/basic_auth.services.yml
1 service uses DisallowBasicAuthRequests
basic_auth.page_cache_request_policy.disallow_basic_auth_requests in core/modules/basic_auth/basic_auth.services.yml
Drupal\basic_auth\PageCache\DisallowBasicAuthRequests

File

core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php, line 20
Contains \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests.

Namespace

Drupal\basic_auth\PageCache
View source
class DisallowBasicAuthRequests implements RequestPolicyInterface {

  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    $username = $request->headers
      ->get('PHP_AUTH_USER');
    $password = $request->headers
      ->get('PHP_AUTH_PW');
    if (isset($username) && isset($password)) {
      return self::DENY;
    }
  }

}

Members

Namesort descending Modifiers Type Description Overrides
DisallowBasicAuthRequests::check public function Determines whether delivery of a cached page should be attempted. Overrides RequestPolicyInterface::check
RequestPolicyInterface::ALLOW constant Allow delivery of cached pages.
RequestPolicyInterface::DENY constant Deny delivery of cached pages.