header('Gql-Session') === 'SUPER_SECRET_KEY_HEADER') { return ""; } else { throw new AccessDeniedHttpException; } return $next($request); } }