trait DynamicPluginConfigWithCsrfTokenUrlTrait
Same name in other branches
- 10 core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/DynamicPluginConfigWithCsrfTokenUrlTrait.php \Drupal\ckeditor5\Plugin\CKEditor5Plugin\DynamicPluginConfigWithCsrfTokenUrlTrait
- 11.x core/modules/ckeditor5/src/Plugin/CKEditor5Plugin/DynamicPluginConfigWithCsrfTokenUrlTrait.php \Drupal\ckeditor5\Plugin\CKEditor5Plugin\DynamicPluginConfigWithCsrfTokenUrlTrait
Provides a trait for CKEditor 5 with dynamically generated CSRF token URLs.
The Text Editor module's APIs predate the concept of bubbleable metadata. To prevent URLs with CSRF tokens from breaking cacheability, placeholders are used for those CSRF tokens since https://drupal.org/i/2512132. Placeholders are designed to be attached to the data in which they exist, so they can be replaced at the last possible moment, without interfering with cacheability. Unfortunately, because it is not possible to associate bubbleable metadata with a Text Editor's JS settings, we have to manually process these. This is acceptable only because a text editor's JS settings are not cacheable anyway (just like forms are not cacheable).
@internal
Hierarchy
- trait \Drupal\ckeditor5\Plugin\CKEditor5Plugin\DynamicPluginConfigWithCsrfTokenUrlTrait
See also
\Drupal\Core\Access\CsrfAccessCheck
\Drupal\Core\Access\RouteProcessorCsrf::processOutbound()
\Drupal\Core\Render\BubbleableMetadata
\Drupal\editor\Plugin\EditorPluginInterface::getJSSettings()
\Drupal\ckeditor5\Plugin\CKEditor5Plugin\Image::getDynamicPluginConfig()
\Drupal\ckeditor5\Plugin\CKEditor5Plugin\Media::getDynamicPluginConfig()
https://www.drupal.org/project/drupal/issues/2512132
File
-
core/
modules/ ckeditor5/ src/ Plugin/ CKEditor5Plugin/ DynamicPluginConfigWithCsrfTokenUrlTrait.php, line 32
Namespace
Drupal\ckeditor5\Plugin\CKEditor5PluginView source
trait DynamicPluginConfigWithCsrfTokenUrlTrait {
/**
* Gets the given URL with all placeholders replaced.
*
* @param \Drupal\Core\Url $url
* A URL which generates CSRF token placeholders.
*
* @return string
* The URL string, with all placeholders replaced.
*/
private static function getUrlWithReplacedCsrfTokenPlaceholder(Url $url) : string {
$generated_url = $url->toString(TRUE);
$url_with_csrf_token_placeholder = [
'#plain_text' => $generated_url->getGeneratedUrl(),
];
$generated_url->applyTo($url_with_csrf_token_placeholder);
return (string) \Drupal::service('renderer')->renderPlain($url_with_csrf_token_placeholder);
}
}
Members
Title Sort descending | Modifiers | Object type | Summary |
---|---|---|---|
DynamicPluginConfigWithCsrfTokenUrlTrait::getUrlWithReplacedCsrfTokenPlaceholder | private static | function | Gets the given URL with all placeholders replaced. |
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.