Class CSRFHandler

  • All Implemented Interfaces:
    Handler<RoutingContext>, InputTrustHandler

    public class CSRFHandler
    extends Object
    implements InputTrustHandler, Handler<RoutingContext>
    This handler adds a CSRF token to requests which mutate state. In order to change the state, a (XSRF-TOKEN) cookie is set with a unique token, which is expected to be sent back in a (X-XSRF-TOKEN) header. The behavior is to check the request body header and cookie for validity. This handler requires session support, and should therefore be added somewhere below the Session and Body handlers.

    NOTE: This class has been automatically generated from the original non RX-ified interface using Vert.x codegen.

    • Constructor Detail

      • CSRFHandler

        public CSRFHandler(CSRFHandler delegate)
      • CSRFHandler

        public CSRFHandler(Object delegate)
    • Method Detail

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • create

        public static CSRFHandler create(Vertx vertx,
                                         String secret)
        Instantiate a new CSRFHandlerImpl with a secret

         CSRFHandler.create(vertx, "s3cr37")
         
        Parameters:
        vertx -
        secret - server secret to sign the token.
        Returns:
      • setOrigin

        public CSRFHandler setOrigin(String origin)
        Set the origin for this server. When this value is set, extra validation will occur. The request must match the origin server, port and protocol.
        Parameters:
        origin - the origin for this server e.g.: https://www.foo.com.
        Returns:
        fluent
      • setCookieName

        public CSRFHandler setCookieName(String name)
        Set the cookie name. By default XSRF-TOKEN is used, as it is the name AngularJS expects; however, other frameworks might use other names.
        Parameters:
        name - a new name for the cookie.
        Returns:
        fluent
      • setCookiePath

        public CSRFHandler setCookiePath(String path)
        Set the cookie path. By default / is used.
        Parameters:
        path - a new path for the cookie.
        Returns:
        fluent
      • setCookieSecure

        public CSRFHandler setCookieSecure(boolean secure)
        Sets the cookie secure flag. When set, this flag instructs browsers to only send the cookie over HTTPS.
        Parameters:
        secure - true to set the secure flag on the cookie
        Returns:
        a reference to this, so the API can be used fluently
      • setHeaderName

        public CSRFHandler setHeaderName(String name)
        Set the header name. By default X-XSRF-TOKEN is used, as it is the name AngularJS expects; however, other frameworks might use other names.
        Parameters:
        name - a new name for the header.
        Returns:
        fluent
      • setNagHttps

        public CSRFHandler setNagHttps(boolean nag)
        Should the handler give warning messages if it is used over protocols other than HTTPS?
        Parameters:
        nag - true to nag
        Returns:
        fluent
      • setTimeout

        public CSRFHandler setTimeout(long timeout)
        Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.
        Parameters:
        timeout - token timeout
        Returns:
        fluent
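
The handler ordering from the class description and the hardening setters above, combined in one router (an added example, not code from the Vert.x project). Assumptions: the `io.vertx.reactivex` (RxJava 2) packages, a `CSRF_SECRET` environment variable, the 32-character minimum and the two routes are all choices of this example.

```java
// Added example. Imports assume the RxJava 2 flavour (io.vertx.reactivex);
// with RxJava 3 the packages start with io.vertx.rxjava3 instead.
import io.vertx.reactivex.core.Vertx;
import io.vertx.reactivex.ext.web.Router;
import io.vertx.reactivex.ext.web.handler.BodyHandler;
import io.vertx.reactivex.ext.web.handler.CSRFHandler;
import io.vertx.reactivex.ext.web.handler.SessionHandler;
import io.vertx.reactivex.ext.web.sstore.LocalSessionStore;

public class CsrfRouterExample {

  // Keep the signing secret out of source code. CSRF_SECRET is an assumed
  // variable name and the minimum length is this example's own policy.
  static String loadSecret() {
    String secret = System.getenv("CSRF_SECRET");
    if (secret == null || secret.length() < 32) {
      throw new IllegalStateException("CSRF_SECRET must be set to at least 32 characters");
    }
    return secret;
  }

  static Router buildRouter(Vertx vertx, String secret) {
    Router router = Router.router(vertx);

    // The CSRF handler requires session support and sits below the Session
    // and Body handlers, so both are registered before it.
    router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)));
    router.route().handler(BodyHandler.create());

    router.route().handler(
        CSRFHandler.create(vertx, secret)
            .setOrigin("https://www.foo.com") // extra check: origin server, port and protocol
            .setCookieSecure(true)            // cookie is only sent over HTTPS
            .setCookiePath("/")
            .setNagHttps(true));              // warn when used over a non-HTTPS protocol

    // Hypothetical routes: the POST mutates state and needs the X-XSRF-TOKEN header.
    router.get("/form").handler(ctx -> ctx.response().end("form"));
    router.post("/transfer").handler(ctx -> ctx.response().end("transferred"));
    return router;
  }

  public static void main(String[] args) {
    Vertx vertx = Vertx.vertx();
    Router router = buildRouter(vertx, loadSecret());
    System.out.println("routes registered: " + router.getRoutes().size());
    vertx.close();
  }
}
```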