function BasicAuthResourceTestTrait::normalizeHeadersForGetHeadComparison

Stateless authentication via basic_auth does not persist a session between requests, so the CSRF token seed in the session metadata bag is regenerated on every request. Any URL carrying a `?token=` (e.g. admin operation links surfaced as Link headers) therefore legitimately differs between the HEAD and GET request the test base issues for the same resource. Replace the token value with a placeholder so the comparison still asserts URL structure and link relations exactly.

File

core/modules/rest/tests/src/Functional/BasicAuthResourceTestTrait.php, line 76

Class

BasicAuthResourceTestTrait: Trait for ResourceTestBase subclasses testing $auth=basic_auth.

Namespace

Drupal\Tests\rest\Functional

Code

protected function normalizeHeadersForGetHeadComparison(array $headers) : array {
  if (isset($headers['Link'])) {
    $headers['Link'] = array_map(fn($value) => preg_replace('/(\\?|&)token=[^&>]+/', '$1token=NORMALIZED', $value), $headers['Link']);
  }
  return $headers;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.

function BasicAuthResourceTestTrait::normalizeHeadersForGetHeadComparison

File

Class

Namespace

Code

Search drupal main

API Navigation

Breadcrumb

function BasicAuthResourceTestTrait::normalizeHeadersForGetHeadComparison

File

Class

Namespace

Code

Search drupal main

API Navigation