CSRFHandler

This handler adds a CSRF token to requests which mutate state. In order to change state, a cookie (XSRF-TOKEN) is set with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN).

The behavior is to check the request body header and cookie for validity.

This Handler requires session support, thus should be added somewhere below Session and Body handlers.
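
The cookie-and-header check described above can be sketched as follows. This is an added example, not the handler's own code: the token layout (salt.timestamp.signature), the use of HMAC-SHA256, the set of safe methods, the timeout in seconds and all function names are assumptions, and Python is used only to keep the sketch self-contained.

```python
import base64, hashlib, hmac, secrets, time

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}      # assumed non-mutating methods
COOKIE, HEADER = "XSRF-TOKEN", "X-XSRF-TOKEN"  # default names from this page

def _sign(secret, payload):
    # Keyed MAC over the payload, so a client cannot mint its own tokens.
    mac = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def issue_token(secret, now=None):
    """Return salt.timestamp.signature; the server sets it as the cookie."""
    ts = int(time.time() if now is None else now)
    payload = f"{secrets.token_urlsafe(16)}.{ts}"
    return f"{payload}.{_sign(secret, payload)}"

def check_request(secret, method, cookies, headers, timeout_s, now=None):
    """Return (allowed, reason) for one request (hypothetical helper)."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    cookie, header = cookies.get(COOKIE), headers.get(HEADER)
    if not cookie or not header:
        return False, "token missing"
    # A cross-site form can make the browser send the cookie, but it cannot
    # read the cookie to copy its value into a custom header.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "header does not match cookie"
    parts = header.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    salt, ts, sig = parts
    expected = _sign(secret, f"{salt}.{ts}")
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    current = time.time() if now is None else now
    if not ts.isdigit() or current - int(ts) > timeout_s:
        return False, "token expired"
    return True, "ok"
```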

package

Default

Methods

__construct

__construct() 

Instantiate a new CSRFHandlerImpl with a secret.

    CSRFHandler.create("s3cr37")

create( $arg0) : \io\vertx\jphp\ext\web\handler\CSRFHandler
static

Arguments

$arg0

string

Response

\io\vertx\jphp\ext\web\handler\CSRFHandler

Something has happened, so handle it.

handle( $arg0) : void

Arguments

$arg0

RoutingContext

Set the cookie name. By default XSRF-TOKEN is used, as it is the name expected by AngularJS; other frameworks might use other names.

setCookieName( $arg0) : $this

Arguments

$arg0

string

Response

$this

fluent

Set the cookie path. By default / is used.

setCookiePath( $arg0) : $this

Arguments

$arg0

string

Response

$this

fluent

Set the header name. By default X-XSRF-TOKEN is used, as it is the name expected by AngularJS; other frameworks might use other names.

setHeaderName( $arg0) : $this

Arguments

$arg0

string

Response

$this

fluent

Whether the handler should give warning messages when it is used over protocols other than HTTPS.

setNagHttps( $arg0) : $this

Arguments

$arg0

boolean

Response

$this

fluent

Set the body returned by the handler when the XSRF token is missing or invalid.

setResponseBody( $arg0) : $this

Arguments

$arg0

string

Response

$this

fluent

Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.

setTimeout( $arg0) : $this

Arguments

$arg0

integer

Response

$this

fluent

Constants

DEFAULT_HEADER_NAME

DEFAULT_HEADER_NAME
var

The PHP file exists only for coding convenience; for the actual value of the constant, refer to the original Java file.

DEFAULT_RESPONSE_BODY

DEFAULT_RESPONSE_BODY
var

The PHP file exists only for coding convenience; for the actual value of the constant, refer to the original Java file.