class DenyTestAuthRequests

Cache policy for pages requested with REST Test Auth.

This policy disallows caching of requests that use the REST Test Auth authentication provider for security reasons (just like basic_auth). Otherwise responses for authenticated requests can get into the page cache and could be delivered to unprivileged users.

Hierarchy

Expanded class hierarchy of DenyTestAuthRequests

See also

\Drupal\rest_test\Authentication\Provider\TestAuth

\Drupal\rest_test\Authentication\Provider\TestAuthGlobal

\Drupal\basic_auth\PageCache\DisallowBasicAuthRequests

1 string reference to 'DenyTestAuthRequests'
rest_test.services.yml in core/modules/rest/tests/modules/rest_test/rest_test.services.yml
core/modules/rest/tests/modules/rest_test/rest_test.services.yml
1 service uses DenyTestAuthRequests
rest_test.page_cache_request_policy.deny_test_auth_requests in core/modules/rest/tests/modules/rest_test/rest_test.services.yml
Drupal\rest_test\PageCache\RequestPolicy\DenyTestAuthRequests

File

View on git.drupalcode.org

core/modules/rest/tests/modules/rest_test/src/PageCache/RequestPolicy/DenyTestAuthRequests.php, line 20

Namespace

Drupal\rest_test\PageCache\RequestPolicy
View source 
class DenyTestAuthRequests implements RequestPolicyInterface {
  
  /**
   * {@inheritdoc}
   */
  public function check(Request $request) {
    if ($request->headers
      ->has('REST-test-auth') || $request->headers
      ->has('REST-test-auth-global')) {
      return self::DENY;
    }
  }

}

Members

Title Modifiers Object type Summary Overriden Title
DenyTestAuthRequests::check public function Determines whether delivery of a cached page should be attempted. Overrides RequestPolicyInterface::check
RequestPolicyInterface::ALLOW constant Allow delivery of cached pages.
RequestPolicyInterface::DENY constant Deny delivery of cached pages.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.