public interface CSRFHandler extends InputTrustHandler

Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_COOKIE_NAME |
static String | DEFAULT_COOKIE_PATH |
static String | DEFAULT_HEADER_NAME |

Modifier and Type | Method and Description |
---|---|
static CSRFHandler | create(Vertx vertx, String secret): Instantiate a new CSRFHandlerImpl with a secret. |
CSRFHandler | setCookieHttpOnly(boolean httpOnly): Set the cookie httpOnly attribute. |
CSRFHandler | setCookieName(String name): Set the cookie name. |
CSRFHandler | setCookiePath(String path): Set the cookie path. |
CSRFHandler | setCookieSecure(boolean secure): Sets the cookie secure flag. |
CSRFHandler | setHeaderName(String name): Set the header name. |
CSRFHandler | setNagHttps(boolean nag): Should the handler give warning messages if this handler is used in other than https protocols? |
CSRFHandler | setOrigin(String origin): Set the origin for this server. |
CSRFHandler | setTimeout(long timeout): Set the timeout for tokens generated by the handler, by default it uses the default from the session handler. |
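
The setters summarized above, combined into one router setup that uses the Double Submit Cookie mode described for setCookieHttpOnly. This is an added example, not code from the Vert.x project; the class name, route paths, the 32-character secret check and the 15-minute timeout are assumptions made for illustration.

```java
import io.vertx.core.Vertx;
import io.vertx.ext.web.Router;
import io.vertx.ext.web.handler.BodyHandler;
import io.vertx.ext.web.handler.CSRFHandler;

public class CsrfRouterExample {

  /** Builds a router whose routes all sit behind the CSRF handler. */
  public static Router buildRouter(Vertx vertx, String secret) {
    // Fail closed instead of falling back to a literal such as "s3cr37".
    // The 32-character minimum is this example's assumption, not a Vert.x rule.
    if (secret == null || secret.length() < 32) {
      throw new IllegalStateException("CSRF secret is missing or too short");
    }

    CSRFHandler csrf = CSRFHandler.create(vertx, secret)
      // Placeholder origin taken from the setOrigin documentation.
      .setOrigin("https://www.foo.com")
      .setCookieName(CSRFHandler.DEFAULT_COOKIE_NAME)
      .setCookiePath(CSRFHandler.DEFAULT_COOKIE_PATH)
      .setHeaderName(CSRFHandler.DEFAULT_HEADER_NAME)
      // Browsers only send the token cookie over HTTPS.
      .setCookieSecure(true)
      // false = Double Submit Cookie mode: client script reads the cookie
      // and echoes its value in the request header.
      .setCookieHttpOnly(false)
      // Keep the warning for non-https use switched on.
      .setNagHttps(true)
      // Assumed to be milliseconds, like the session handler timeout.
      .setTimeout(15 * 60 * 1000L);

    Router router = Router.router(vertx);
    // Body parsing is registered before the CSRF handler.
    router.route().handler(BodyHandler.create());
    router.route().handler(csrf);

    // Hypothetical routes: a page load that receives the token cookie,
    // and a state-changing request that must carry the token back.
    router.get("/account").handler(ctx -> ctx.response().end("account page"));
    router.post("/account/transfer").handler(ctx -> ctx.response().end("accepted"));
    return router;
  }
}
```

The secret is passed in by the caller so it can come from a secret store or environment variable rather than source code.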

static final String DEFAULT_COOKIE_NAME

static final String DEFAULT_COOKIE_PATH

static final String DEFAULT_HEADER_NAME

static CSRFHandler create(Vertx vertx, String secret)
CSRFHandler.create(vertx, "s3cr37")
secret - server secret to sign the token.

CSRFHandler setOrigin(String origin)
origin - the origin for this server e.g.: https://www.foo.com.

CSRFHandler setCookieName(String name)
name - a new name for the cookie.

CSRFHandler setCookiePath(String path)
path - a new path for the cookie.

CSRFHandler setCookieHttpOnly(boolean httpOnly)
Set the cookie httpOnly attribute. When set to false, the CSRF handler will behave in Double Submit Cookie mode. When set to true, it will operate in Cookie-to-header mode. For more information see https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie
httpOnly - the value for the cookie httpOnly attribute.

CSRFHandler setCookieSecure(boolean secure)
Sets the cookie secure flag. When set, this flag instructs browsers to only send the cookie over HTTPS.
secure - true to set the secure flag on the cookie.

CSRFHandler setHeaderName(String name)
name - a new name for the header.

CSRFHandler setNagHttps(boolean nag)
nag - true to nag.

CSRFHandler setTimeout(long timeout)
timeout - token timeout.

Copyright © 2024 Eclipse. All rights reserved.