Mercurial > hg > cmmr2012-drupal-site
comparison core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php @ 0:c75dbcec494b
Initial commit from drush-created site
| author | Chris Cannam |
|---|---|
| date | Thu, 05 Jul 2018 14:24:15 +0000 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:c75dbcec494b |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\basic_auth\PageCache; | |
| 4 | |
| 5 use Drupal\Core\PageCache\RequestPolicyInterface; | |
| 6 use Symfony\Component\HttpFoundation\Request; | |
| 7 | |
| 8 /** | |
| 9 * Cache policy for pages served from basic auth. | |
| 10 * | |
| 11 * This policy disallows caching of requests that use basic_auth for security | |
| 12 * reasons. Otherwise responses for authenticated requests can get into the | |
| 13 * page cache and could be delivered to unprivileged users. | |
| 14 */ | |
| 15 class DisallowBasicAuthRequests implements RequestPolicyInterface { | |
| 16 | |
| 17 /** | |
| 18 * {@inheritdoc} | |
| 19 */ | |
| 20 public function check(Request $request) { | |
| 21 $username = $request->headers->get('PHP_AUTH_USER'); | |
| 22 $password = $request->headers->get('PHP_AUTH_PW'); | |
| 23 if (isset($username) && isset($password)) { | |
| 24 return self::DENY; | |
| 25 } | |
| 26 } | |
| 27 | |
| 28 } |