/**
 * {@inheritdoc}
 *
 * For a route that declares the '_csrf_token' requirement, requests a CSRF
 * token for the route path (placeholders filled in from $parameters) and
 * stores it in $parameters['token']. Any other route is left untouched.
 */
public function processOutbound(Route $route, array &$parameters) {
  // Only routes that opt in through the '_csrf_token' requirement get a token.
  if (!$route->hasRequirement('_csrf_token')) {
    return;
  }

  // The token is requested for the route path without its leading slash.
  $token_path = ltrim($route->getPath(), '/');

  // Fill in every "{name}" placeholder with the matching parameter value.
  // Values are inserted exactly as given; no encoding happens here.
  // NOTE(review): the code that validates the token is not in this block and
  // has to derive exactly the same path string - confirm against the access
  // check.
  foreach ($parameters as $name => $replacement) {
    $token_path = str_replace('{' . $name . '}', $replacement, $token_path);
  }

  // Storing the token as a parameter means it gets merged into the query
  // string when the route is compiled.
  // NOTE(review): a token carried in the URL can end up wherever URLs are
  // recorded (access logs, browser history, Referer headers); token lifetime
  // and scope are decided by $this->csrfToken, which is outside this block.
  $parameters['token'] = $this->csrfToken->get($token_path);
}
/**
 * {@inheritdoc}
 *
 * For a route that declares the '_csrf_token' requirement, requests a CSRF
 * token for the route path (placeholders filled in from $parameters), stores
 * it in $parameters['token'] and, when cacheability metadata was passed in,
 * sets its max-age to 0. Any other route is left untouched.
 */
public function processOutbound($route_name, Route $route, array &$parameters, CacheableMetadata $cacheable_metadata = NULL) {
  // Only routes that opt in through the '_csrf_token' requirement get a token.
  if (!$route->hasRequirement('_csrf_token')) {
    return;
  }

  // The token is requested for the route path without its leading slash.
  $token_path = ltrim($route->getPath(), '/');

  // Fill in every "{name}" placeholder with the matching parameter value.
  // Values are inserted exactly as given; no encoding happens here.
  foreach ($parameters as $name => $replacement) {
    $token_path = str_replace('{' . $name . '}', $replacement, $token_path);
  }

  // Storing the token as a parameter means it gets merged into the query
  // string when the route is compiled.
  $parameters['token'] = $this->csrfToken->get($token_path);

  // Callers that pass no metadata get the token only.
  if ($cacheable_metadata === NULL) {
    return;
  }

  // Tokens are per user and per session, so output containing one must not
  // be cached: a max-age of 0 keeps one session's token from being served to
  // another from a cache.
  // @todo Improve in https://www.drupal.org/node/2351015.
  $cacheable_metadata->setCacheMaxAge(0);
}
/**
 * {@inheritdoc}
 *
 * For a route that declares the '_csrf_token' requirement, sets
 * $parameters['token'] either to a real CSRF token (no bubbleable metadata
 * passed) or to a placeholder that a lazy builder replaces later (metadata
 * passed). Any other route is left untouched.
 */
public function processOutbound($route_name, Route $route, array &$parameters, BubbleableMetadata $bubbleable_metadata = NULL) {
  // Only routes that opt in through the '_csrf_token' requirement get a token.
  if (!$route->hasRequirement('_csrf_token')) {
    return;
  }

  // The token is requested for the route path without its leading slash.
  $token_path = ltrim($route->getPath(), '/');

  // Fill in every "{name}" placeholder with the matching parameter value.
  // Values are inserted exactly as given; no encoding happens here.
  foreach ($parameters as $name => $replacement) {
    $token_path = str_replace('{' . $name . '}', $replacement, $token_path);
  }

  // Whatever ends up under 'token' gets merged into the query string when the
  // route is compiled.
  if (!$bubbleable_metadata) {
    // No metadata to attach a placeholder to: emit the real token directly.
    $parameters['token'] = $this->csrfToken->get($token_path);
    return;
  }

  // The placeholder is the SHA-1 hex digest of the path. It only marks the
  // spot to fill in: it is deterministic and carries no secret.
  $marker = hash('sha1', $token_path);

  // Render array that tells the renderer which lazy builder produces the
  // real token for this path.
  $lazy_token = [
    '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$token_path]],
  ];

  // Instead of an actual CSRF token, the query string carries the
  // placeholder, which is replaced at the very last moment. This keeps links
  // with CSRF tokens from breaking cacheability.
  // NOTE(review): the replacement step is outside this block - confirm it
  // only substitutes the token where this placeholder was emitted, since the
  // same digest string can be computed by anyone who knows the path.
  $parameters['token'] = $marker;
  $bubbleable_metadata->addAttachments(['placeholders' => [$marker => $lazy_token]]);
}
/**
 * Checks that a route requirement can be set, read back and detected.
 */
public function testRequirement() {
  $subject = new Route('/{foo}');

  // A freshly built route has no requirement for its placeholder.
  $this->assertFalse($subject->hasRequirement('foo'), '->hasRequirement() return false if requirement is not set');

  // The pattern is stored without its leading ^ and trailing $.
  // NOTE(review): dropping the anchors is only safe if the matcher anchors
  // the pattern itself; that code is not visible here.
  $subject->setRequirement('foo', '^\\d+$');
  $stored_pattern = $subject->getRequirement('foo');
  $this->assertEquals('\\d+', $stored_pattern, '->setRequirement() removes ^ and $ from the path');

  // Once set, the requirement is reported as present.
  $is_present = $subject->hasRequirement('foo');
  $this->assertTrue($is_present, '->hasRequirement() return true if requirement is set');
}
/**
 * {@inheritdoc}
 *
 * Applies only to routes that declare a '_format' requirement.
 */
public function applies(Route $route) {
  // Only the presence of the requirement is checked, not its value.
  $declares_format = $route->hasRequirement('_format');

  return $declares_format;
}