csrf_test.routing.yml
Same filename in other branches
1 string reference to YAML keys in csrf_test.routing.yml
- CsrfRequestHeaderTest::testRouteAccess in core/
modules/ system/ tests/ src/ Functional/ CsrfRequestHeaderTest.php - Tests access to routes protected by CSRF request header requirements.
File
-
core/
modules/ system/ tests/ modules/ csrf_test/ csrf_test.routing.yml
View source
- # Tests CSRF request header token protection.
- csrf_test.protected:
- path: csrf/protected
- defaults:
- _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
- requirements:
- _csrf_request_header_token: 'TRUE'
- _method: 'POST'
- # Tests deprecated _access_rest_csrf protection.
- # This originally was in the REST module but now is supported in core/lib.
- # @see https://www.drupal.org/node/2753681
- # @todo Remove the route in drupal:10.0.0 https://www.drupal.org/node/3115308
- csrf_test.deprecated.protected:
- path: csrf/deprecated/protected
- defaults:
- _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
- requirements:
- _access_rest_csrf: 'TRUE'
- _method: 'POST'
- # @todo Remove this route in drupal:10.0.0 https://www.drupal.org/node/3115308
- # @see \Drupal\Core\Access\CsrfRequestHeaderAccessCheck::access()
- csrf_test.deprecated.csrftoken:
- path: '/deprecated/session/token'
- defaults:
- _controller: '\Drupal\csrf_test\Controller\DeprecatedCsrfTokenController::csrfToken'
- requirements:
- _access: 'TRUE'
- csrf_test.route_with_csrf_token:
- path: csrf/protected/route
- defaults:
- _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
- requirements:
- _permission: 'administer site configuration'
- _csrf_token: 'TRUE'
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.