diff --git a/core/lib/Drupal/Core/Access/CsrfRequestHeaderAccessCheck.php b/core/lib/Drupal/Core/Access/CsrfRequestHeaderAccessCheck.php
index dc8203bf8f..c9266f5736 100644
--- a/core/lib/Drupal/Core/Access/CsrfRequestHeaderAccessCheck.php
+++ b/core/lib/Drupal/Core/Access/CsrfRequestHeaderAccessCheck.php
@@ -90,14 +90,13 @@ public function access(Request $request, AccountInterface $account) {
 $method = $request->getMethod();
 // Read-only operations are always allowed.
- if (in_array($method, ['GET', 'HEAD', 'OPTIONS', 'TRACE'])) {
+ if (in_array($method, ['GET', 'HEAD', 'OPTIONS', 'TRACE'], TRUE)) {
 return AccessResult::allowed();
 }
 // This check only applies if
- // 1. this is a write operation
- // 2. the user was successfully authenticated and
- // 3. the request comes with a session cookie.
+ // 1. the user was successfully authenticated and
+ // 2. the request comes with a session cookie.
 if ($account->isAuthenticated() && $this->sessionConfiguration->hasSession($request) ) {
diff --git a/core/lib/Drupal/Core/Routing/AccessAwareRouter.php b/core/lib/Drupal/Core/Routing/AccessAwareRouter.php
index 1a93b42d35..0d592fa643 100644
--- a/core/lib/Drupal/Core/Routing/AccessAwareRouter.php
+++ b/core/lib/Drupal/Core/Routing/AccessAwareRouter.php
@@ -113,6 +113,9 @@ protected function checkAccess(Request $request) {
 $request->attributes->set(AccessAwareRouterInterface::ACCESS_RESULT, $access_result);
 }
 if (!$access_result->isAllowed()) {
+ print_r('----------');
+ print_r($access_result instanceof CacheableDependencyInterface);
+ print_r('+--------+');
 if ($access_result instanceof CacheableDependencyInterface && $request->isMethodCacheable()) {
 throw new CacheableAccessDeniedHttpException($access_result, $access_result instanceof AccessResultReasonInterface ? $access_result->getReason() : NULL);
 }
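Review bot: The three `print_r()` calls added at the top of `if (!$access_result->isAllowed())` in AccessAwareRouter::checkAccess() look like leftover debugging and should be deleted before this is merged. They write straight to the output buffer on every denied request, before the access-denied exception is thrown, so internal access-check state reaches the client and the 403 body (including JSON or other machine-readable responses) can be corrupted. Output emitted this early can also interfere with headers the response is meant to carry. If the `instanceof CacheableDependencyInterface` result is needed for diagnosis, record it through the logger rather than echoing it. checkAccess() starts and ends outside the hunk.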