function ImageStyleDownloadAccessControlTest::testPublicThroughPrivateRoute

Same name and namespace in other branches
  1. 10 core/modules/image/tests/src/Functional/ImageStyleDownloadAccessControlTest.php \Drupal\Tests\image\Functional\ImageStyleDownloadAccessControlTest::testPublicThroughPrivateRoute()

Ensures that public:// access is forbidden through image.style.private.

File

core/modules/image/tests/src/Functional/ImageStyleDownloadAccessControlTest.php, line 117

Class

ImageStyleDownloadAccessControlTest
Tests access control for downloading image styles.

Namespace

Drupal\Tests\image\Functional

Code

public function testPublicThroughPrivateRoute() : void {
    $this->fileSystem
        ->copy(\Drupal::root() . '/core/tests/fixtures/files/image-1.png', 'public://image.png');
    $token = $this->style
        ->getPathToken('public://image.png');
    $private_route_public_scheme = Url::fromRoute('image.style_private', [
        'image_style' => $this->style
            ->id(),
        'scheme' => 'public',
    ])
        ->setAbsolute(TRUE);
    $generate_url = $private_route_public_scheme->toString() . '/image.png?itok=' . $token;
    $this->drupalGet($generate_url);
    $this->assertSession()
        ->statusCodeEquals(403);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.