core/lib/Drupal/Core/Access/CsrfAccessCheck.php +12 −4 @@ -8,11 +8,19 @@ use Symfony\Component\HttpFoundation\Request; /** * Allows access to routes to be controlled by a '_csrf_token' parameter. * Access protection against CSRF attacks. * * To use this check, add a "token" GET parameter to URLs of which the value is * a token generated by \Drupal::csrfToken()->get() using the same value as the * "_csrf_token" parameter in the route. * The CsrfAccessCheck is added to any route with the '_csrf_token' route * requirement. If a link/url to a protected route is generated using the * url_generator service, a valid token will be added automatically. Otherwise, * a valid token can be generated by the csrf_token service using the route's * path (without leading slash) as the argument when generating the token. This * token can then be added as the 'token' query parameter when accessing the * protected route. * * @see \Drupal\Core\Access\RouteProcessorCsrf * @see \Drupal\Core\Access\CsrfTokenGenerator * @see https://www.drupal.org/docs/8/api/routing-system/access-checking-on-routes/csrf-access-checking */ class CsrfAccessCheck implements RoutingAccessInterface {
core/lib/Drupal/Core/Access/CsrfAccessCheck.php +12 −4 @@ -8,11 +8,19 @@ use Symfony\Component\HttpFoundation\Request; /** * Allows access to routes to be controlled by a '_csrf_token' parameter. * Access protection against CSRF attacks. * * To use this check, add a "token" GET parameter to URLs of which the value is * a token generated by \Drupal::csrfToken()->get() using the same value as the * "_csrf_token" parameter in the route. * The CsrfAccessCheck is added to any route with the '_csrf_token' route * requirement. If a link/url to a protected route is generated using the * url_generator service, a valid token will be added automatically. Otherwise, * a valid token can be generated by the csrf_token service using the route's * path (without leading slash) as the argument when generating the token. This * token can then be added as the 'token' query parameter when accessing the * protected route. * * @see \Drupal\Core\Access\RouteProcessorCsrf * @see \Drupal\Core\Access\CsrfTokenGenerator * @see https://www.drupal.org/docs/8/api/routing-system/access-checking-on-routes/csrf-access-checking */ class CsrfAccessCheck implements RoutingAccessInterface {
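Review bot: The new class docblock tells callers to seed a manually generated token with "the route's path (without leading slash)", but it does not say whether that means the route pattern or the path with actual parameter values substituted for placeholders. The access() method is outside this hunk, so which form the check validates against cannot be confirmed here; a token built from the other form would presumably fail validation, and one added sentence would remove the ambiguity, e.g. ` * For routes with placeholders, use <the pattern | the resolved path> (confirm against access()).` Because the token is sent in the 'token' query parameter, it may also be worth a line advising that it be generated at request time for the current user rather than stored in static links, since URLs tend to end up in logs and Referer headers.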