public RouteProcessorCsrf::processOutbound($route_name, Route $route, array &$parameters, BubbleableMetadata $bubbleable_metadata = NULL)
Processes the outbound route.
Parameters
string $route_name: The route name.
\Symfony\Component\Routing\Route $route: The outbound route to process.
array $parameters: An array of parameters to be passed to the route compiler. Passed by reference.
\Drupal\Core\Render\BubbleableMetadata $bubbleable_metadata: (optional) Object to collect route processors' bubbleable metadata.
Return value
The processed path.
Overrides OutboundRouteProcessorInterface::processOutbound
File
- core/lib/Drupal/Core/Access/RouteProcessorCsrf.php, line 34
Class
- RouteProcessorCsrf
- Processes the outbound route to handle the CSRF token.
Namespace
Drupal\Core\Access
Code
public function processOutbound($route_name, Route $route, array &$parameters, BubbleableMetadata $bubbleable_metadata = NULL) {
if ($route->hasRequirement('_csrf_token')) {
$path = ltrim($route->getPath(), '/');
// Replace the path parameters with values from the parameters array.
foreach ($parameters as $param => $value) {
$path = str_replace("{{$param}}", $value, $path);
}
// Adding this to the parameters means it will get merged into the query
// string when the route is compiled.
if (!$bubbleable_metadata) {
$parameters['token'] = $this->csrfToken->get($path);
}
else {
// Generate a placeholder and a render array to replace it.
$placeholder = hash('sha1', $path);
$placeholder_render_array = [
'#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
];
// Instead of setting an actual CSRF token as the query string, we set
// the placeholder, which will be replaced at the very last moment. This
// ensures links with CSRF tokens don't break cacheability.
$parameters['token'] = $placeholder;
$bubbleable_metadata->addAttachments(['placeholders' => [$placeholder => $placeholder_render_array]]);
}
}
}
Please login to continue.