1 # Tests CSRF request header token protection.
5 _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
7 _csrf_request_header_token: 'TRUE'
9 # Tests deprecated _access_rest_csrf protection.
10 # This originally was in the REST module but now is supported in core/lib.
11 # @see https://www.drupal.org/node/2753681
12 # @todo Remove this test route in Drupal 9.0.0.
13 csrf_test.deprecated.protected:
14 path: csrf/deprecated/protected
16 _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
18 _access_rest_csrf: 'TRUE'
20 # @todo This route can be removed in 8.3.
21 # @see \Drupal\Core\Access\CsrfRequestHeaderAccessCheck::access()
22 csrf_test.deprecated.csrftoken:
23 path: '/deprecated/session/token'
25 _controller: '\Drupal\csrf_test\Controller\DeprecatedCsrfTokenController::csrfToken'