csrf_test.routing.yml

Same filename in other branches
  1. 9 core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml
  2. 10 core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml
  3. 11.x core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml
core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml
1 string reference to YAML keys in csrf_test.routing.yml
CsrfRequestHeaderTest::testRouteAccess in core/modules/system/tests/src/Functional/CsrfRequestHeaderTest.php
Tests access to routes protected by CSRF request header requirements.

File

core/modules/system/tests/modules/csrf_test/csrf_test.routing.yml

View source 
  1. # Tests CSRF request header token protection.

  2. csrf_test.protected:

  3.   path: csrf/protected

  4.   defaults:

  5.     _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'

  6.   requirements:

  7.     _csrf_request_header_token: 'TRUE'

  8.     _method: 'POST'

  9. # Tests deprecated _access_rest_csrf protection.

  10. # This originally was in the REST module but now is supported in core/lib.

  11. # @see https://www.drupal.org/node/2753681

  12. # @todo Remove the route in drupal:10.0.0 https://www.drupal.org/node/3115308

  13. csrf_test.deprecated.protected:

  14.   path: csrf/deprecated/protected

  15.   defaults:

  16.     _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'

  17.   requirements:

  18.     _access_rest_csrf: 'TRUE'

  19.     _method: 'POST'

  20. # @todo Remove this route in drupal:10.0.0 https://www.drupal.org/node/3115308

  21. # @see \Drupal\Core\Access\CsrfRequestHeaderAccessCheck::access()

  22. csrf_test.deprecated.csrftoken:

  23.   path: '/deprecated/session/token'

  24.   defaults:

  25.     _controller: '\Drupal\csrf_test\Controller\DeprecatedCsrfTokenController::csrfToken'

  26.   requirements:

  27.     _access: 'TRUE'

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.