CSRFHandler

interface CSRFHandler : Handler<RoutingContext>

This handler adds a CSRF token to requests which mutate state. In order to change the state, a cookie (XSRF-TOKEN) is set with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN). The handler checks the request body, header and cookie for validity. This handler requires session support, so it should be added somewhere below the Session and Body handlers.

Author
Paulo Lopes

Properties

DEFAULT_COOKIE_NAME

static val DEFAULT_COOKIE_NAME: String

DEFAULT_COOKIE_PATH

static val DEFAULT_COOKIE_PATH: String

DEFAULT_HEADER_NAME

static val DEFAULT_HEADER_NAME: String

DEFAULT_RESPONSE_BODY

static val DEFAULT_RESPONSE_BODY: String

Functions

create

open static fun create(secret: String): CSRFHandler

Instantiate a new CSRFHandlerImpl with a secret

 CSRFHandler.create("s3cr37") 

setCookieName

abstract fun setCookieName(name: String): CSRFHandler

Set the cookie name. By default XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.

setCookiePath

abstract fun setCookiePath(path: String): CSRFHandler

Set the cookie path. By default / is used.

setHeaderName

abstract fun setHeaderName(name: String): CSRFHandler

Set the header name. By default X-XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.

setNagHttps

abstract fun setNagHttps(nag: Boolean): CSRFHandler

Set whether the handler should give warning messages when it is used over a protocol other than HTTPS.

setResponseBody

abstract fun setResponseBody(responseBody: String): CSRFHandler

Set the body returned by the handler when the XSRF token is missing or invalid.

setTimeout

abstract fun setTimeout(timeout: Long): CSRFHandler

Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.
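The handler ordering and the setters described above, wired into a router. This is an added example, not code from the Vert.x documentation or its author. It assumes a Vert.x-Web release matching this page's `create(secret)` signature in which the router parses cookies itself; the `CSRF_SECRET` variable, the routes and port 8080 are hypothetical.

```kotlin
import io.vertx.core.Vertx
import io.vertx.ext.web.Router
import io.vertx.ext.web.handler.BodyHandler
import io.vertx.ext.web.handler.CSRFHandler
import io.vertx.ext.web.handler.SessionHandler
import io.vertx.ext.web.sstore.LocalSessionStore

fun main() {
    val vertx = Vertx.vertx()
    val router = Router.router(vertx)

    // Assumption: the secret is supplied through a hypothetical CSRF_SECRET
    // environment variable rather than a literal such as "s3cr37" in source.
    val secret = System.getenv("CSRF_SECRET")
        ?: error("CSRF_SECRET is not set")

    // Order matters: the CSRF handler needs session support and the parsed
    // body, so the Session and Body handlers are registered above it.
    router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)))
    router.route().handler(BodyHandler.create())
    router.route().handler(
        CSRFHandler.create(secret)
            // Defaults spelled out; change both names together if the
            // client framework expects something other than the AngularJS pair.
            .setCookieName(CSRFHandler.DEFAULT_COOKIE_NAME)
            .setHeaderName(CSRFHandler.DEFAULT_HEADER_NAME)
            .setCookiePath("/")
            // Keep the warning on so plain-HTTP deployments are noticed.
            .setNagHttps(true)
            // Body returned when the token is missing or invalid.
            .setResponseBody("CSRF token missing or invalid")
    )

    // Hypothetical routes: the page that hands the client its token cookie,
    // and a state-changing endpoint the client must call with the header set.
    router.get("/account").handler { ctx ->
        ctx.response().end("account page")
    }
    router.post("/account/email").handler { ctx ->
        ctx.response().end("email updated")
    }

    vertx.createHttpServer().requestHandler(router).listen(8080)
}
```

Routes registered above the CSRF handler are not covered by it, so any state-changing route belongs below the `CSRFHandler` registration.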