// other response)
// 2. Have the 'config:user.role.anonymous' cache tag, because the only
// reason this 401 would no longer be a 401 is if permissions for the
// 'anonymous' role change, causing the cache tag to be invalidated.
// @see \Drupal\Core\EventSubscriber\AuthenticationSubscriber::onExceptionSendChallenge()
// @see \Drupal\Core\EventSubscriber\ClientErrorResponseSubscriber()
// @see \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onAllResponds()
$cacheability = CacheableMetadata::
createFromObject($site_config) ->
addCacheTags(['config:user.role.anonymous'
]) ->
addCacheContexts(['user.roles:anonymous'
]);
return $request->
isMethodCacheable() ?
new CacheableUnauthorizedHttpException($cacheability,
(string) $challenge, 'No authentication credentials provided.',
$previous) :
new UnauthorizedHttpException((string) $challenge, 'No authentication credentials provided.',
$previous);
}}