Security update for Core, with self-updated composer
[yaffs-website] / web / core / modules / basic_auth / src / PageCache / DisallowBasicAuthRequests.php
1 <?php
2
3 namespace Drupal\basic_auth\PageCache;
4
5 use Drupal\Core\PageCache\RequestPolicyInterface;
6 use Symfony\Component\HttpFoundation\Request;
7
/**
 * Page cache request policy for requests that carry basic auth credentials.
 *
 * Requests that present basic_auth credentials are excluded from the page
 * cache for security reasons: a response built for an authenticated request
 * could otherwise be stored and later delivered to unprivileged users.
 *
 * The decision depends only on whether credentials are present on the
 * request. This class does not check that they are valid.
 */
class DisallowBasicAuthRequests implements RequestPolicyInterface {

  /**
   * Denies page caching when the request carries a basic auth user and password.
   *
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming request whose header bag is inspected.
   *
   * @return string|null
   *   self::DENY when both PHP_AUTH_USER and PHP_AUTH_PW are set on the
   *   request, NULL otherwise so that this policy expresses no opinion.
   */
  public function check(Request $request) {
    $headers = $request->headers;
    $user = $headers->get('PHP_AUTH_USER');
    $pass = $headers->get('PHP_AUTH_PW');

    // NOTE(review): a request that carries only one of the two values is not
    // denied here. Confirm this matches the condition under which the
    // basic_auth authentication provider treats a request as authenticated,
    // so that no authenticated response can reach the page cache.
    $has_credentials = $user !== NULL && $pass !== NULL;

    return $has_credentials ? self::DENY : NULL;
  }

}