interface CSRFHandler : Handler<RoutingContext>
This handler adds a CSRF token to requests which mutate state. In order to change the state, a cookie (XSRF-TOKEN) is set with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN). The behavior is to check the request body header and cookie for validity. This handler requires session support, and thus should be added somewhere below the Session and Body handlers.
Author: Paulo Lopes
static val DEFAULT_COOKIE_NAME: String
static val DEFAULT_COOKIE_PATH: String
static val DEFAULT_HEADER_NAME: String
static val DEFAULT_RESPONSE_BODY: String

open static fun create(secret: String): CSRFHandler
Instantiate a new CSRFHandlerImpl with a secret.

abstract fun setCookieName(name: String): CSRFHandler
Set the cookie name. By default XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.

abstract fun setCookiePath(path: String): CSRFHandler
Set the cookie path. By default / is used.

abstract fun setHeaderName(name: String): CSRFHandler
Set the header name. By default X-XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.

abstract fun setNagHttps(nag: Boolean): CSRFHandler
Should the handler give warning messages if it is used over protocols other than https?

abstract fun setResponseBody(responseBody: String): CSRFHandler
Set the body returned by the handler when the XSRF token is missing or invalid.

abstract fun setTimeout(timeout: Long): CSRFHandler
Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.
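
The handler ordering and the setters described above, wired into a router as an added example (not code from this page or from the Vert.x project). It assumes Vert.x Web 3.x with the local session store; the CSRF_SECRET environment variable, the /account and /transfer routes, port 8080 and the response text are hypothetical, and the timeout unit is assumed to be milliseconds.

```kotlin
import io.vertx.core.Vertx
import io.vertx.ext.web.Router
import io.vertx.ext.web.handler.BodyHandler
import io.vertx.ext.web.handler.CSRFHandler
import io.vertx.ext.web.handler.SessionHandler
import io.vertx.ext.web.sstore.LocalSessionStore

fun main() {
    val vertx = Vertx.vertx()
    val router = Router.router(vertx)

    // Assumption: the secret comes from a hypothetical CSRF_SECRET environment
    // variable so that it never lands in source control.
    val secret = System.getenv("CSRF_SECRET")
        ?: error("CSRF_SECRET must be set")

    // Order matters: body and session handlers first, CSRFHandler below them.
    router.route().handler(BodyHandler.create())
    router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)))

    val csrf = CSRFHandler.create(secret)
        .setCookieName(CSRFHandler.DEFAULT_COOKIE_NAME)   // XSRF-TOKEN
        .setHeaderName(CSRFHandler.DEFAULT_HEADER_NAME)   // X-XSRF-TOKEN
        .setCookiePath(CSRFHandler.DEFAULT_COOKIE_PATH)   // /
        .setNagHttps(true)                                // warn when not served over https
        .setTimeout(15 * 60 * 1000L)                      // assumed unit: milliseconds
        .setResponseBody("CSRF token missing or invalid") // constructed message
    router.route().handler(csrf)

    // Non-mutating request: the response carries the XSRF-TOKEN cookie.
    router.get("/account").handler { ctx -> ctx.response().end("account page") }

    // Mutating request: only reached when the client echoed the cookie value
    // in the X-XSRF-TOKEN header; otherwise the handler answers with the
    // configured response body and this code never runs.
    router.post("/transfer").handler { ctx -> ctx.response().end("transfer accepted") }

    vertx.createHttpServer().requestHandler(router).listen(8080)
}
```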