
io.vertx.ext.web.handler.CSRFHandler Maven / Gradle / Ivy

package io.vertx.ext.web.handler;

import io.vertx.codegen.annotations.Fluent;
import io.vertx.codegen.annotations.VertxGen;
import io.vertx.core.Handler;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.impl.CSRFHandlerImpl;

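/**
 * This handler adds a CSRF token to requests which mutate state. In order to change the state, a (XSRF-TOKEN) cookie
 * is set with a unique token, which is expected to be sent back in a (X-XSRF-TOKEN) header.
 * <p>
 * The behavior is to check the request body header and cookie for validity.
 * <p>
 * This Handler requires session support, thus should be added somewhere below Session and Body handlers.
 * <p>
 * Deployment notes:
 * <ul>
 *   <li>The token is signed with the server secret given to {@link #create(String)}; anyone who learns that secret
 *       may be able to produce tokens the handler accepts, so treat it as a credential.</li>
 *   <li>The cookie and header names configured here must match what the client-side framework reads and sends,
 *       otherwise state-changing requests will not carry the expected token.</li>
 *   <li>Serve the application over HTTPS; see {@link #setNagHttps(boolean)}.</li>
 * </ul>
 *
 * @author Paulo Lopes
 */
@VertxGen
// Parameterized with RoutingContext (imported above) rather than left as a raw Handler, so that the
// handle(...) contract stays type-checked for implementations and callers.
public interface CSRFHandler extends Handler<RoutingContext> {

  /** Cookie name used when {@link #setCookieName(String)} is not called. */
  String DEFAULT_COOKIE_NAME = "XSRF-TOKEN";

  /** Header name used when {@link #setHeaderName(String)} is not called. */
  String DEFAULT_HEADER_NAME = "X-XSRF-TOKEN";

  /**
   * Instantiate a new CSRFHandlerImpl with a secret
   * <pre>
   * CSRFHandler.create("s3cr37")
   * </pre>
   * The literal above is only an illustration. In a deployment, load a long, randomly generated secret from
   * configuration or a secret store instead of hard-coding it, keep it out of logs and version control, and use the
   * same value on every node that has to validate tokens issued by another node.
   *
   * @param secret server secret to sign the token.
   * @return a new handler backed by {@link CSRFHandlerImpl}
   */
  static CSRFHandler create(String secret) {
    return new CSRFHandlerImpl(secret);
  }

  /**
   * Set the cookie name. By default XSRF-TOKEN is used as it is the expected name by AngularJS however other frameworks
   * might use other names.
   *
   * @param name a new name for the cookie.
   * @return fluent
   */
  @Fluent
  CSRFHandler setCookieName(String name);

  /**
   * Set the header name. By default X-XSRF-TOKEN is used as it is the expected name by AngularJS however other
   * frameworks might use other names.
   *
   * @param name a new name for the header.
   * @return fluent
   */
  @Fluent
  CSRFHandler setHeaderName(String name);

  /**
   * Should the handler give warning messages if this handler is used in other than https protocols?
   * <p>
   * Over plain HTTP the token cookie and header are sent in clear text and can be read or altered in transit, so the
   * warning is worth keeping enabled everywhere except local development.
   *
   * @param nag true to nag
   * @return fluent
   */
  @Fluent
  CSRFHandler setNagHttps(boolean nag);

  /**
   * Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.
   * <p>
   * A shorter timeout narrows the window in which a leaked token stays usable, at the cost of rejecting forms that
   * were left open for longer than the timeout.
   * NOTE(review): the unit is not stated in this interface; presumably the same unit as the session handler
   * timeout. Confirm against CSRFHandlerImpl before choosing a value.
   *
   * @param timeout token timeout
   * @return fluent
   */
  @Fluent
  CSRFHandler setTimeout(long timeout);
}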



