Mercurial > hg > isophonics-drupal-site
annotate core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php @ 19:fa3358dc1485 tip
Add ndrum files
| author | Chris Cannam |
|---|---|
| date | Wed, 28 Aug 2019 13:14:47 +0100 |
| parents | 4c8ae668cc8c |
| children |
| rev | line source |
|---|---|
| Chris@0 | 1 <?php |
| Chris@0 | 2 |
| Chris@0 | 3 namespace Drupal\basic_auth\PageCache; |
| Chris@0 | 4 |
| Chris@0 | 5 use Drupal\Core\PageCache\RequestPolicyInterface; |
| Chris@0 | 6 use Symfony\Component\HttpFoundation\Request; |
| Chris@0 | 7 |
| Chris@0 | 8 /** |
| Chris@0 | 9 * Cache policy for pages served from basic auth. |
| Chris@0 | 10 * |
| Chris@0 | 11 * This policy disallows caching of requests that use basic_auth for security |
| Chris@0 | 12 * reasons. Otherwise responses for authenticated requests can get into the |
| Chris@0 | 13 * page cache and could be delivered to unprivileged users. |
| Chris@0 | 14 */ |
| Chris@0 | 15 class DisallowBasicAuthRequests implements RequestPolicyInterface { |
| Chris@0 | 16 |
| Chris@0 | 17 /** |
| Chris@0 | 18 * {@inheritdoc} |
| Chris@0 | 19 */ |
| Chris@0 | 20 public function check(Request $request) { |
| Chris@0 | 21 $username = $request->headers->get('PHP_AUTH_USER'); |
| Chris@0 | 22 $password = $request->headers->get('PHP_AUTH_PW'); |
| Chris@0 | 23 if (isset($username) && isset($password)) { |
| Chris@0 | 24 return self::DENY; |
| Chris@0 | 25 } |
| Chris@0 | 26 } |
| Chris@0 | 27 |
| Chris@0 | 28 } |