This handler adds a CSRF token to requests which mutate state. In order to change the state, an (XSRF-TOKEN) cookie is set with a unique token, which is expected to be sent back in an (X-XSRF-TOKEN) header.
The behavior is to check the request body header and cookie for validity.
This handler requires session support, so it should be added somewhere below the Session and Body handlers.
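The check described above, sketched as an added example (it is not Vert.x code and not part of this API page). The cookie and header names are the defaults this page documents; the `salt.timestamp.signature` token layout, the HMAC-SHA256 signing, the set of mutating methods, and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

COOKIE_NAME = "XSRF-TOKEN"      # default cookie name documented on this page
HEADER_NAME = "X-XSRF-TOKEN"    # default header name documented on this page
MUTATING = {"POST", "PUT", "DELETE", "PATCH"}  # assumption: state-changing methods


def _sign(secret, payload):
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(secret, now=None):
    """Build a token as salt.timestamp.signature (assumed layout)."""
    issued = int(time.time() if now is None else now)
    payload = f"{secrets.token_hex(16)}.{issued}"
    return f"{payload}.{_sign(secret, payload)}"


def check_request(method, cookies, headers, secret, timeout_s, now=None):
    """Return (allowed, reason) for a single request."""
    if method.upper() not in MUTATING:
        return True, "safe method"
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    cookie = cookies.get(COOKIE_NAME)
    header = lowered.get(HEADER_NAME.lower())
    if not cookie or not header:
        return False, "missing token"
    # The header must echo the cookie; compare in constant time.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "header/cookie mismatch"
    parts = header.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    salt, issued, sig = parts
    expected = _sign(secret, f"{salt}.{issued}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    # The timestamp is trusted only after the signature has verified.
    current = time.time() if now is None else now
    if current - int(issued) > timeout_s:
        return False, "expired"
    return True, "ok"
```

A cookie that a script on another origin cannot read is what makes the header echo meaningful; the signature and timestamp additionally reject tokens the server never issued or that have outlived the timeout.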
| Initializer |
CSRFHandler(CSRFHandler unknown) |
| Inherited Attributes |
Attributes inherited from: Object: hash, string |
| Methods | |
handle | shared default void handle(RoutingContext arg0) |
setCookieName | shared default CSRFHandler setCookieName(String name) Set the cookie name. By default XSRF-TOKEN is used, as it is the name AngularJS expects; however, other frameworks might use other names. Parameters:
|
setHeaderName | shared default CSRFHandler setHeaderName(String name) Set the header name. By default X-XSRF-TOKEN is used, as it is the name AngularJS expects; however, other frameworks might use other names. Parameters:
|
setNagHttps | shared default CSRFHandler setNagHttps(Boolean nag) Should the handler log warning messages if it is used over a protocol other than HTTPS? Parameters:
|
setTimeout | shared default CSRFHandler setTimeout(Integer timeout) Set the timeout for tokens generated by the handler. By default it uses the default from the session handler. Parameters:
|
| Inherited Methods |
Methods inherited from: Object: equals |