get() using the same value as the
 * "_csrf_token" parameter in the route.
 */
class CsrfAccessCheck implements RoutingAccessInterface {

  /**
   * Generates and validates CSRF tokens.
   *
   * @var \Drupal\Core\Access\CsrfTokenGenerator
   */
  protected $csrfToken;

  /**
   * Constructs a CsrfAccessCheck object.
   *
   * @param \Drupal\Core\Access\CsrfTokenGenerator $csrf_token
   *   The CSRF token generator used to validate the 'token' query argument.
   */
  public function __construct(CsrfTokenGenerator $csrf_token) {
    $this->csrfToken = $csrf_token;
  }

  /**
   * Checks access based on a CSRF token for the request.
   *
   * The token is read from the 'token' URL query argument and validated
   * against the route path with the raw route parameters substituted in. The
   * exact same path string must therefore have been used when the token was
   * generated (presumably by the outbound route processor that appends
   * 'token' for routes carrying the '_csrf_token' requirement -- verify
   * against that code before changing the path construction here).
   *
   * Review notes:
   * - A token carried in the query string can leak through Referer headers,
   *   proxy/access logs and browser history; routes protected this way should
   *   be state-changing endpoints only, not pages that render third-party
   *   links.
   * - Constant-time comparison of the submitted token is the responsibility
   *   of CsrfTokenGenerator::validate(); it is not visible here, so confirm it
   *   there rather than assuming it.
   * - Placeholder substitution below is sequential: a raw parameter value that
   *   itself contains a later "{name}" placeholder would be substituted again.
   *   The generator side must mirror this exactly, so do not change it here
   *   alone.
   *
   * @param \Symfony\Component\Routing\Route $route
   *   The route to check against.
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The request object.
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The route match object.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   Allowed when the token validates, forbidden otherwise; never cacheable.
   */
  public function access(Route $route, Request $request, RouteMatchInterface $route_match) {
    // Rebuild the value the token was generated for: the route path without
    // its leading slash, with each "{param}" placeholder replaced by the raw
    // value from the route match, in route-match order.
    $token_path = ltrim($route->getPath(), '/');
    foreach ($route_match->getRawParameters() as $name => $raw_value) {
      $token_path = str_replace("{{$name}}", $raw_value, $token_path);
    }

    $submitted = $request->query->get('token', '');
    if ($this->csrfToken->validate($submitted, $token_path)) {
      $access = AccessResult::allowed();
    }
    else {
      // Distinguish "absent" from "present but wrong" in the reason only; both
      // are denied. (The reason names 'csrf_token' although the query argument
      // read above is 'token'; kept verbatim so existing callers or tests that
      // match on the string are unaffected.)
      $reason = $request->query->has('token')
        ? "'csrf_token' URL query argument is invalid."
        : "'csrf_token' URL query argument is missing.";
      $access = AccessResult::forbidden($reason);
    }

    // The decision depends on a highly dynamic token, so it must never be
    // cached -- in either branch.
    return $access->setCacheMaxAge(0);
  }

}