Issue #2949457 by idebr, jibran, Wim Leers, dungahk, fago, kim.pepper,... (df171a1a) · Commits · project / drupal

core/lib/Drupal/Core/Access/CsrfRequestHeaderAccessCheck.php

+1 −1

Original line number	Diff line number	Diff line
		@@ -57,7 +57,7 @@ public function applies(Route $route) {
		'_access_rest_csrf',
		];
		if ($route->hasRequirement('_access_rest_csrf')) {
		@trigger_error('Route requirement _access_rest_csrf is deprecated in drupal:8.2.0 and is removed in drupal:10.0.0. Use _csrf_request_header_token instead. See https://www.drupal.org/node/2772399', E_USER_DEPRECATED);
		@trigger_error('Route requirement _access_rest_csrf is deprecated in drupal:9.2.0 and is removed in drupal:10.0.0. Use _csrf_request_header_token instead. See https://www.drupal.org/node/2772399', E_USER_DEPRECATED);
		}
		$requirement_keys = array_keys($requirements);

0 → 100644

+13 −0

Original line number	Diff line number	Diff line
		csrf_test.help:
		title: 'Tools'
		route_name: <front>
		menu_name: admin
		parent: system.admin
		weight: -100

		csrf_test.protected:
		title: 'Route with csrf protection'
		route_name: csrf_test.route_with_csrf_token
		menu_name: admin
		parent: system.admin
		weight: -100

+7 −0

Original line number	Diff line number	Diff line
		@@ -25,3 +25,10 @@ csrf_test.deprecated.csrftoken:
		_controller: '\Drupal\csrf_test\Controller\DeprecatedCsrfTokenController::csrfToken'
		requirements:
		_access: 'TRUE'
		csrf_test.route_with_csrf_token:
		path: csrf/protected/route
		defaults:
		_controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
		requirements:
		_permission: 'administer site configuration'
		_csrf_token: 'TRUE'

+1 −1

Original line number	Diff line number	Diff line
		@@ -33,7 +33,7 @@ class CsrfRequestHeaderTest extends BrowserTestBase {
		* @group legacy
		*/
		public function testRouteAccess() {
		$this->expectDeprecation('Route requirement _access_rest_csrf is deprecated in drupal:8.2.0 and is removed in drupal:10.0.0. Use _csrf_request_header_token instead. See https://www.drupal.org/node/2772399');
		$this->expectDeprecation('Route requirement _access_rest_csrf is deprecated in drupal:9.2.0 and is removed in drupal:10.0.0. Use _csrf_request_header_token instead. See https://www.drupal.org/node/2772399');
		$client = $this->getHttpClient();
		$csrf_token_paths = ['deprecated/session/token', 'session/token'];
		// Test using the both the current path and a test path that returns

+5 −1

Original line number	Diff line number	Diff line
		@@ -7,6 +7,7 @@
		use Drupal\Core\Cache\CacheableMetadata;
		use Drupal\Core\Controller\ControllerBase;
		use Drupal\Core\Menu\MenuTreeParameters;
		use Drupal\Core\Render\RenderContext;
		use Drupal\Core\Security\TrustedCallbackInterface;
		use Drupal\toolbar\Ajax\SetSubtreesCommand;

		@@ -91,6 +92,7 @@ public static function preRenderAdministrationTray(array $element) {
		*/
		public static function preRenderGetRenderedSubtrees(array $data) {
		$menu_tree = \Drupal::service('toolbar.menu_tree');
		$renderer = \Drupal::service('renderer');
		// Load the administration menu. The first level is the "Administration"
		// link. In order to load the children of that link and the subsequent two
		// levels, start at the second level and end at the fourth.
		@@ -112,7 +114,9 @@ public static function preRenderGetRenderedSubtrees(array $data) {
		$link = $element->link;
		if ($element->subtree) {
		$subtree = $menu_tree->build($element->subtree);
		$output = \Drupal::service('renderer')->renderPlain($subtree);
		$output = $renderer->executeInRenderContext(new RenderContext(), function () use ($renderer, $subtree) {
		return $renderer->render($subtree);
		});
		$cacheability = $cacheability->merge(CacheableMetadata::createFromRenderArray($subtree));
		}
		else {