Drupal 8.0.0 beta 12. More info: https://www.drupal.org/node/2514176

2015-08-17 17:00:26 -07:00 · 2015-08-17 17:00:26 -07:00 · 9921556621
commit 9921556621
13277 changed files with 1459781 additions and 0 deletions
--- a/core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php
+++ b/core/modules/basic_auth/src/PageCache/DisallowBasicAuthRequests.php
@ -0,0 +1,33 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\basic_auth\PageCache\DisallowBasicAuthRequests.
+ */
+
+namespace Drupal\basic_auth\PageCache;
+
+use Drupal\Core\PageCache\RequestPolicyInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Cache policy for pages served from basic auth.
+ *
+ * This policy disallows caching of requests that use basic_auth for security
+ * reasons. Otherwise responses for authenticated requests can get into the
+ * page cache and could be delivered to unprivileged users.
+ */
+class DisallowBasicAuthRequests implements RequestPolicyInterface {
+
+  /**
+   * {@inheritdoc}
+   */
+  public function check(Request $request) {
+    $username = $request->headers->get('PHP_AUTH_USER');
+    $password = $request->headers->get('PHP_AUTH_PW');
+    if (isset($username) && isset($password)) {
+      return self::DENY;
+    }
+  }
+
+}