3 namespace Drupal\csrf_test\Controller;
5 use Drupal\Core\Access\CsrfTokenGenerator;
6 use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
7 use Symfony\Component\DependencyInjection\ContainerInterface;
8 use Symfony\Component\HttpFoundation\Response;
11 * Returns responses for Deprecated CSRF token routes.
13 * This controller tests using the deprecated CSRF token key 'rest'.
15 * @todo This class can be removed in 8.3.
17 * @see \Drupal\Core\Access\CsrfRequestHeaderAccessCheck::access()
19 class DeprecatedCsrfTokenController implements ContainerInjectionInterface {
22 * The CSRF token generator.
24 * @var \Drupal\Core\Access\CsrfTokenGenerator
26 protected $tokenGenerator;
29 * Constructs a new CsrfTokenController object.
31 * @param \Drupal\Core\Access\CsrfTokenGenerator $token_generator
32 * The CSRF token generator.
34 public function __construct(CsrfTokenGenerator $token_generator) {
35 $this->tokenGenerator = $token_generator;
41 public static function create(ContainerInterface $container) {
43 $container->get('csrf_token')
48 * Returns a CSRF using the deprecated 'rest' value protecting session token.
50 * @return \Symfony\Component\HttpFoundation\Response
51 * The response object.
53 public function csrfToken() {
54 return new Response($this->tokenGenerator->get('rest'), 200, ['Content-Type' => 'text/plain']);