public function CSRFAccessCheck::applies in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/rest/src/Access/CSRFAccessCheck.php \Drupal\rest\Access\CSRFAccessCheck::applies()
Declares whether the access check applies to a specific route or not.
Parameters
\Symfony\Component\Routing\Route $route: The route to consider attaching to.
Return value
array An array of route requirement keys this access checker applies to.
Overrides AccessCheckInterface::applies
File
- core/
modules/ rest/ src/ Access/ CSRFAccessCheck.php, line 42 - Contains \Drupal\rest\Access\CSRFAccessCheck.
Class
- CSRFAccessCheck
- Access protection against CSRF attacks.
Namespace
Drupal\rest\AccessCode
public function applies(Route $route) {
$requirements = $route
->getRequirements();
if (array_key_exists('_access_rest_csrf', $requirements)) {
if (isset($requirements['_method'])) {
// There could be more than one method requirement separated with '|'.
$methods = explode('|', $requirements['_method']);
// CSRF protection only applies to write operations, so we can filter
// out any routes that require reading methods only.
$write_methods = array_diff($methods, array(
'GET',
'HEAD',
'OPTIONS',
'TRACE',
));
if (empty($write_methods)) {
return FALSE;
}
}
// No method requirement given, so we run this access check to be on the
// safe side.
return TRUE;
}
}