• Home
• com.c4-soft.springaddons
• spring-addons-starter-oidc
• 7.9.0-M3
• source code
• Csrf.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.c4_soft.springaddons.security.oidc.starter.properties.Csrf Maven / Gradle / Ivy

package com.c4_soft.springaddons.security.oidc.starter.properties;

/**
 * 

 * 
DEFAULT switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)
 * 
DISABLE disables CSRF protection. The default value for resource servers, but you should really not be doing that on a client!
 * 
SESSION stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with a JS
 * application (written with Angular, React, Vue, etc.)
 * 
COOKIE_HTTP_ONLY stores CSRF in a http-only XSRF-TOKEN cookie (not accessible from rich client apps)
 * 
COOKIE_ACCESSIBLE_FROM_JS stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps
 * 
 *
 * @author ch4mp
 */
public enum Csrf {
	/**
	 * Switches between DISABLED if statlessSessions is true (resource server) and SESSION otherwise (client)
	 */
	DEFAULT,
	/**
	 * Disables CSRF protection. The default value for resource servers, but you should really not be doing that on a client!
	 */
	DISABLE,
	/**
	 * Stores CSRF token in servlet session or reactive web-session. The default value for clients, which is just fine if your not querying it with a JS
	 * application (written with Angular, React, Vue, etc.)
	 */
	SESSION,
	/**
	 * Stores CSRF in a XSRF-TOKEN cookie that is readable by JS apps. To be used when sessions are enabled and queries are issued with Angular, React, Vue,
	 * etc.
	 */
	COOKIE_ACCESSIBLE_FROM_JS
}