Remove _access_rest_csrf route requirement

+++ b/core/lib/Drupal/Core/Access/CsrfRequestHeaderAccessCheck.php
@@ -53,12 +53,7 @@ public function applies(Route $route) {
     $applicable_requirements = [
       '_csrf_request_header_token',

This array only has one item now, then we do array_intersect() on it - I feel this could be refactored to be simpler?

Thank you, that is much cleaner.

Re-reviewed this and I think we removed too much - we no longer have a test for _csrf_request_header_token.

1. +++ /dev/null
   @@ -1,27 +0,0 @@
   -csrf_test.protected:
   -  path: csrf/protected
   -  defaults:
   -    _controller: '\Drupal\csrf_test\Controller\TestController::testMethod'
   -  requirements:
   -    _csrf_request_header_token: 'TRUE'
   -    _method: 'POST'
   

   This should not be removed.

2. +++ /dev/null
   @@ -1,85 +0,0 @@
   -      // Check both test routes.
   -      $route_names = ['csrf_test.protected', 'csrf_test.deprecated.protected'];
   

   This test needs to stay, but only test the non-deprecated route.

Updated the patch with changes mentioned in #11, thanks!

+++ b/core/modules/system/tests/src/Functional/CsrfRequestHeaderTest.php
@@ -42,7 +42,7 @@ public function testRouteAccess() {
     foreach ($csrf_token_paths as $csrf_token_path) {
...
       foreach ($route_names as $route_name) {

Both these foreach() can be refactored away, there is only one route to test now.

Tried to address both #14 and #15. Please review.

Thanks!

This will need a re-roll and possibly some more adjustment after #2949457: Enhance Toolbar's subtree caching so that menu links with CSRF token do not need one subtree cache item per session.

Attaching a new patch.

+1 for #22

Thank you.

Committed aad867e and pushed to 10.0.x. Thanks!

Good riddance! :D