DisallowBasicAuthRequests.php

Same filename in other branches
  1. 8.9.x core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php
  2. 10 core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php
  3. 11.x core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php

Namespace

Drupal\basic_auth\PageCache

File

core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php

View source
<?php

namespace Drupal\basic_auth\PageCache;

use Drupal\Core\PageCache\RequestPolicyInterface;
use Symfony\Component\HttpFoundation\Request;

/**
 * Cache policy for pages served from basic auth.
 *
 * This policy disallows caching of requests that use basic_auth for security
 * reasons. Otherwise responses for authenticated requests can get into the
 * page cache and could be delivered to unprivileged users.
 */
class DisallowBasicAuthRequests implements RequestPolicyInterface {
    
    /**
     * {@inheritdoc}
     */
    public function check(Request $request) {
        $username = $request->headers
            ->get('PHP_AUTH_USER');
        $password = $request->headers
            ->get('PHP_AUTH_PW');
        if (isset($username) && isset($password)) {
            return self::DENY;
        }
    }

}

Classes

Title Deprecated Summary
DisallowBasicAuthRequests Cache policy for pages served from basic auth.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.