Class: CSRFHandler

vertx-web-js/csrf_handler~ CSRFHandler

new CSRFHandler()

This handler adds a CSRF token to requests which mutate state. In order to change state, a cookie (XSRF-TOKEN) is set with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN). The handler checks the request body header and cookie for validity. This handler requires session support, so it should be added somewhere below the Session and Body handlers.

Methods

handle(arg0)

Parameters:
Name Type Description
arg0 RoutingContext

setCookieName(name) → {CSRFHandler}

Set the cookie name. By default XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.
Parameters:
Name Type Description
name string a new name for the cookie.
Returns:
fluent
Type
CSRFHandler

setCookiePath(path) → {CSRFHandler}

Set the cookie path. By default / is used.
Parameters:
Name Type Description
path string a new path for the cookie.
Returns:
fluent
Type
CSRFHandler

setHeaderName(name) → {CSRFHandler}

Set the header name. By default X-XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.
Parameters:
Name Type Description
name string a new name for the header.
Returns:
fluent
Type
CSRFHandler

setNagHttps(nag) → {CSRFHandler}

Whether the handler should give warning messages when it is used over a protocol other than HTTPS.
Parameters:
Name Type Description
nag boolean true to nag
Returns:
fluent
Type
CSRFHandler

setResponseBody(responseBody) → {CSRFHandler}

Set the body returned by the handler when the XSRF token is missing or invalid.
Parameters:
Name Type Description
responseBody string the body of the response. If null, no response body will be returned.
Returns:
fluent
Type
CSRFHandler

setTimeout(timeout) → {CSRFHandler}

Set the timeout for tokens generated by the handler. By default, the default from the session handler is used.
Parameters:
Name Type Description
timeout number token timeout
Returns:
fluent
Type
CSRFHandler