class AjaxBasePageNegotiator

Same name in other branches
  1. 9 core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator
  2. 8.9.x core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator
  3. 11.x core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator

Defines a theme negotiator that deals with the active theme on ajax requests.

Many different pages can invoke an Ajax request to a generic Ajax path. It is almost always desired for an Ajax response to be rendered using the same theme as the base page, because most themes are built with the assumption that they control the entire page, so if the CSS for two themes are both loaded for a given page, they may conflict with each other. For example, Olivero is Drupal's default theme, and Claro is Drupal's default administration theme. Depending on whether the "Use the administration theme when editing or creating content" checkbox is checked, the node edit form may be displayed in either theme, but the Ajax response to the Field module's "Add another item" button should be rendered using the same theme as the rest of the page.

Hierarchy

Expanded class hierarchy of AjaxBasePageNegotiator

1 file declares its use of AjaxBasePageNegotiator
AjaxBasePageNegotiatorTest.php in core/tests/Drupal/Tests/Core/Theme/AjaxBasePageNegotiatorTest.php
1 string reference to 'AjaxBasePageNegotiator'
core.services.yml in core/core.services.yml
core/core.services.yml
1 service uses AjaxBasePageNegotiator
theme.negotiator.ajax_base_page in core/core.services.yml
Drupal\Core\Theme\AjaxBasePageNegotiator

File

core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php, line 25

Namespace

Drupal\Core\Theme
View source
class AjaxBasePageNegotiator implements ThemeNegotiatorInterface {
    
    /**
     * The CSRF token generator.
     *
     * @var \Drupal\Core\Access\CsrfTokenGenerator
     */
    protected $csrfGenerator;
    
    /**
     * The config factory.
     *
     * @var \Drupal\Core\Config\ConfigFactoryInterface
     */
    protected $configFactory;
    
    /**
     * The request stack.
     *
     * @var \Symfony\Component\HttpFoundation\RequestStack
     */
    protected $requestStack;
    
    /**
     * Constructs a new AjaxBasePageNegotiator.
     *
     * @param \Drupal\Core\Access\CsrfTokenGenerator $token_generator
     *   The CSRF token generator.
     * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
     *   The config factory.
     * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
     *   The request stack used to retrieve the current request.
     */
    public function __construct(CsrfTokenGenerator $token_generator, ConfigFactoryInterface $config_factory, RequestStack $request_stack) {
        $this->csrfGenerator = $token_generator;
        $this->configFactory = $config_factory;
        $this->requestStack = $request_stack;
    }
    
    /**
     * {@inheritdoc}
     */
    public function applies(RouteMatchInterface $route_match) {
        $ajax_page_state = $this->requestStack
            ->getCurrentRequest()
            ->get('ajax_page_state');
        return !empty($ajax_page_state['theme']) && isset($ajax_page_state['theme_token']);
    }
    
    /**
     * {@inheritdoc}
     */
    public function determineActiveTheme(RouteMatchInterface $route_match) {
        $ajax_page_state = $this->requestStack
            ->getCurrentRequest()
            ->get('ajax_page_state');
        $theme = $ajax_page_state['theme'];
        $token = $ajax_page_state['theme_token'];
        // Prevent a request forgery from giving a person access to a theme they
        // shouldn't be otherwise allowed to see. However, since everyone is
        // allowed to see the default theme, token validation isn't required for
        // that, and bypassing it allows most use-cases to work even when accessed
        // from the page cache.
        if ($theme === $this->configFactory
            ->get('system.theme')
            ->get('default') || $this->csrfGenerator
            ->validate($token, $theme)) {
            return $theme;
        }
    }

}

Members

Title Sort descending Modifiers Object type Summary
AjaxBasePageNegotiator::$configFactory protected property The config factory.
AjaxBasePageNegotiator::$csrfGenerator protected property The CSRF token generator.
AjaxBasePageNegotiator::$requestStack protected property The request stack.
AjaxBasePageNegotiator::applies public function
AjaxBasePageNegotiator::determineActiveTheme public function
AjaxBasePageNegotiator::__construct public function Constructs a new AjaxBasePageNegotiator.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.