3 namespace Drupal\basic_auth\PageCache;
5 use Drupal\Core\PageCache\RequestPolicyInterface;
6 use Symfony\Component\HttpFoundation\Request;
9 * Cache policy for pages served from basic auth.
11 * This policy disallows caching of requests that use basic_auth for security
12 * reasons. Otherwise responses for authenticated requests can get into the
13 * page cache and could be delivered to unprivileged users.
15 class DisallowBasicAuthRequests implements RequestPolicyInterface {
20 public function check(Request $request) {
21 $username = $request->headers->get('PHP_AUTH_USER');
22 $password = $request->headers->get('PHP_AUTH_PW');
23 if (isset($username) && isset($password)) {