class DisallowBasicAuthRequests implements RequestPolicyInterface

Cache policy for pages served from basic auth.

For security reasons, this policy disallows caching of requests that use basic_auth. Otherwise, responses to authenticated requests could end up in the page cache and be delivered to unprivileged users.

Methods

string|null
check(Request $request)

Determines whether delivery of a cached page should be attempted.

Details

string|null check(Request $request)

Determines whether delivery of a cached page should be attempted.

Note that the request-policy check runs very early. In particular, it is not possible to determine the logged-in user, and the current route match is not yet present when the check runs. Therefore, request-policy checks need to be designed so that they do not depend on any other service and only take into account the information present on the incoming request.

When matching against the request path, special attention is needed to support path prefixes which are often used on multilingual sites.

Parameters

Request $request

The incoming request object.

Return Value

string|null

One of static::ALLOW, static::DENY or NULL. Calling code may attempt to deliver a cached page if static::ALLOW is returned. Returns NULL if the policy is not specified for the given request.
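
The leak this policy prevents, and a check that reads nothing but the incoming request, shown as an added example (not Drupal's own code). The toy cache, the `$_SERVER`-style request arrays, the render callback and the local `ALLOW`/`DENY` constants are constructed stand-ins; a real policy would implement `RequestPolicyInterface` and receive a `Request` object.

```php
<?php
// Local stand-ins for static::ALLOW / static::DENY (values are assumptions).
const ALLOW = 'allow';
const DENY = 'deny';

/** Hypothetical policy: decides from request data only, no other service. */
function basicAuthPolicy(array $server): ?string {
  // PHP exposes parsed Basic credentials as PHP_AUTH_USER / PHP_AUTH_PW.
  if (isset($server['PHP_AUTH_USER']) && isset($server['PHP_AUTH_PW'])) {
    return DENY;
  }
  return NULL; // Policy not specified for this request.
}

/** Toy page cache keyed by path only, as an anonymous page cache would be. */
final class ToyPageCache {
  private array $store = [];

  public function __construct(private bool $usePolicy) {}

  public function handle(array $server, callable $render): string {
    // Simplification: a single policy instead of a chain of policies.
    $cacheable = !$this->usePolicy || basicAuthPolicy($server) !== DENY;
    $key = $server['REQUEST_URI'];
    if ($cacheable && isset($this->store[$key])) {
      return $this->store[$key] . ' [cache hit]';
    }
    $body = $render($server);
    if ($cacheable) {
      $this->store[$key] = $body;
    }
    return $body;
  }
}

// Constructed page: personalised when credentials are present.
$render = fn(array $s): string => isset($s['PHP_AUTH_USER'])
  ? "Private report for {$s['PHP_AUTH_USER']}"
  : 'Public page';

// Constructed sample requests for the same path.
$authed = ['REQUEST_URI' => '/report', 'PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'constructed-secret'];
$anon = ['REQUEST_URI' => '/report'];

foreach ([FALSE, TRUE] as $usePolicy) {
  $cache = new ToyPageCache($usePolicy);
  $cache->handle($authed, $render);        // Authenticated visit comes first.
  $seen = $cache->handle($anon, $render);  // Anonymous visit follows.
  printf("policy %s: anonymous visitor receives \"%s\"\n", $usePolicy ? 'on' : 'off', $seen);
}
```

With the policy off, the anonymous request is answered from the cache entry written by the authenticated one; with it on, the authenticated response is never stored or served from the cache.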