header('Gql-Session') === 'SUPER_SECRET_KEY_HEADER') { return ''; } else { throw new AccessDeniedHttpException(); } return $next($request); } }