class CSRFHandler extends Handler[RoutingContext]
This handler adds a CSRF token to requests which mutate state. In order to change the state, a (XSRF-TOKEN) cookie is set with a unique token, which is expected to be sent back in a (X-XSRF-TOKEN) header.
The behavior is to check the request body header and cookie for validity.
This Handler requires session support, thus should be added somewhere below Session and Body handlers.
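The cookie-and-header check described above, modelled as an added Python example. This is not Vert.x code: the salt.timestamp.signature token layout, the set of mutating methods and the 30-minute timeout are assumptions made for illustration.

```python
import base64, hashlib, hmac, os

COOKIE_NAME = "XSRF-TOKEN"      # default cookie name given on this page
HEADER_NAME = "X-XSRF-TOKEN"    # default header name given on this page
MUTATING = {"POST", "PUT", "DELETE", "PATCH"}  # assumed state-changing methods

def _sign(secret: bytes, payload: str) -> str:
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def issue_token(secret: bytes, now_ms: int) -> str:
    """Build salt.timestamp.signature (assumed layout, illustration only)."""
    salt = base64.urlsafe_b64encode(os.urandom(16)).decode().rstrip("=")
    payload = f"{salt}.{now_ms}"
    return f"{payload}.{_sign(secret, payload)}"

def token_valid(secret: bytes, token: str, now_ms: int, timeout_ms: int) -> bool:
    parts = token.split(".")
    if len(parts) != 3:
        return False
    salt, ts, sig = parts
    expected = _sign(secret, f"{salt}.{ts}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # not issued with this server's secret, or tampered with
    return ts.isdigit() and 0 <= now_ms - int(ts) <= timeout_ms

def check_request(secret, method, cookies, headers, now_ms, timeout_ms=30 * 60 * 1000):
    """Return (status, cookies_to_set); 403 when the token is missing or invalid."""
    if method.upper() not in MUTATING:
        # Non-mutating request: hand the client a fresh token to echo back later.
        return 200, {COOKIE_NAME: issue_token(secret, now_ms)}
    cookie = cookies.get(COOKIE_NAME)
    header = headers.get(HEADER_NAME)
    if not cookie or not header:
        return 403, {}
    # The header must repeat the cookie value; constant-time comparison.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return 403, {}
    # Matching values are not enough: the token must also be signed and fresh.
    if not token_valid(secret, header, now_ms, timeout_ms):
        return 403, {}
    return 200, {}
```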
Instance Constructors
- new CSRFHandler(_asJava: AnyRef)
Value Members
- final def !=(arg0: Any): Boolean
  - Definition Classes: AnyRef → Any
- final def ##(): Int
  - Definition Classes: AnyRef → Any
- final def ==(arg0: Any): Boolean
  - Definition Classes: AnyRef → Any
- final def asInstanceOf[T0]: T0
  - Definition Classes: Any
- def asJava: AnyRef
- def clone(): AnyRef
  - Attributes: protected[java.lang]
  - Definition Classes: AnyRef
  - Annotations: @native() @throws( ... )
- final def eq(arg0: AnyRef): Boolean
  - Definition Classes: AnyRef
- def equals(arg0: Any): Boolean
  - Definition Classes: AnyRef → Any
- def finalize(): Unit
  - Attributes: protected[java.lang]
  - Definition Classes: AnyRef
  - Annotations: @throws( classOf[java.lang.Throwable] )
- final def getClass(): Class[_]
  - Definition Classes: AnyRef → Any
  - Annotations: @native()
- def handle(arg0: RoutingContext): Unit
  - Definition Classes: CSRFHandler → Handler
- def hashCode(): Int
  - Definition Classes: AnyRef → Any
  - Annotations: @native()
- final def isInstanceOf[T0]: Boolean
  - Definition Classes: Any
- final def ne(arg0: AnyRef): Boolean
  - Definition Classes: AnyRef
- final def notify(): Unit
  - Definition Classes: AnyRef
  - Annotations: @native()
- final def notifyAll(): Unit
  - Definition Classes: AnyRef
  - Annotations: @native()
- def setCookieName(name: String): CSRFHandler
  Set the cookie name. By default XSRF-TOKEN is used, as it is the name AngularJS expects; other frameworks might use other names.
  - name: a new name for the cookie.
  - returns: fluent
- def setCookiePath(path: String): CSRFHandler
  Set the cookie path. By default / is used.
  - path: a new path for the cookie.
  - returns: fluent
- def setHeaderName(name: String): CSRFHandler
  Set the header name. By default X-XSRF-TOKEN is used, as it is the name AngularJS expects; other frameworks might use other names.
  - name: a new name for the header.
  - returns: fluent
- def setNagHttps(nag: Boolean): CSRFHandler
  Should the handler give warning messages if it is used over protocols other than HTTPS?
  - nag: true to nag
  - returns: fluent
- def setResponseBody(responseBody: String): CSRFHandler
  Set the body returned by the handler when the XSRF token is missing or invalid.
  - responseBody: the body of the response. If null, no response body will be returned.
  - returns: fluent
- def setTimeout(timeout: Long): CSRFHandler
  Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.
  - timeout: token timeout
  - returns: fluent
- final def synchronized[T0](arg0: ⇒ T0): T0
  - Definition Classes: AnyRef
- def toString(): String
  - Definition Classes: AnyRef → Any
- final def wait(): Unit
  - Definition Classes: AnyRef
  - Annotations: @throws( ... )
- final def wait(arg0: Long, arg1: Int): Unit
  - Definition Classes: AnyRef
  - Annotations: @throws( ... )
- final def wait(arg0: Long): Unit
  - Definition Classes: AnyRef
  - Annotations: @native() @throws( ... )