function CookieResourceTestTrait::assertAuthenticationEdgeCases

Same name in other branches
  1. 9 core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertAuthenticationEdgeCases()
  2. 10 core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertAuthenticationEdgeCases()
  3. 11.x core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php \Drupal\Tests\rest\Functional\CookieResourceTestTrait::assertAuthenticationEdgeCases()

File

core/modules/rest/tests/src/Functional/CookieResourceTestTrait.php, line 126

Class

CookieResourceTestTrait
Trait for ResourceTestBase subclasses testing $auth=cookie.

Namespace

Drupal\Tests\rest\Functional

Code

protected function assertAuthenticationEdgeCases($method, Url $url, array $request_options) {
    // X-CSRF-Token request header is unnecessary for safe and side effect-free
    // HTTP methods. No need for additional assertions.
    // @see https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
    if (in_array($method, [
        'HEAD',
        'GET',
        'OPTIONS',
        'TRACE',
    ])) {
        return;
    }
    unset($request_options[RequestOptions::HEADERS]['X-CSRF-Token']);
    // DX: 403 when missing X-CSRF-Token request header.
    $response = $this->request($method, $url, $request_options);
    $this->assertResourceErrorResponse(403, 'X-CSRF-Token request header is missing', $response);
    $request_options[RequestOptions::HEADERS]['X-CSRF-Token'] = 'this-is-not-the-token-you-are-looking-for';
    // DX: 403 when invalid X-CSRF-Token request header.
    $response = $this->request($method, $url, $request_options);
    $this->assertResourceErrorResponse(403, 'X-CSRF-Token request header is invalid', $response);
    $request_options[RequestOptions::HEADERS]['X-CSRF-Token'] = $this->csrfToken;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.