annotate core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php @ 19:fa3358dc1485 tip

Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 4c8ae668cc8c
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\basic_auth\PageCache;
Chris@0 4
Chris@0 5 use Drupal\Core\PageCache\RequestPolicyInterface;
Chris@0 6 use Symfony\Component\HttpFoundation\Request;
Chris@0 7
Chris@0 8 /**
Chris@0 9 * Cache policy for pages served from basic auth.
Chris@0 10 *
Chris@0 11 * This policy disallows caching of requests that use basic_auth for security
Chris@0 12 * reasons. Otherwise responses for authenticated requests can get into the
Chris@0 13 * page cache and could be delivered to unprivileged users.
Chris@0 14 */
Chris@0 15 class DisallowBasicAuthRequests implements RequestPolicyInterface {
Chris@0 16
Chris@0 17 /**
Chris@0 18 * {@inheritdoc}
Chris@0 19 */
Chris@0 20 public function check(Request $request) {
Chris@0 21 $username = $request->headers->get('PHP_AUTH_USER');
Chris@0 22 $password = $request->headers->get('PHP_AUTH_PW');
Chris@0 23 if (isset($username) && isset($password)) {
Chris@0 24 return self::DENY;
Chris@0 25 }
Chris@0 26 }
Chris@0 27
Chris@0 28 }