package io.vertx.ext.web.handler;
import io.vertx.codegen.annotations.Fluent;
import io.vertx.codegen.annotations.VertxGen;
import io.vertx.core.Handler;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.impl.CSRFHandlerImpl;
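/**
 * This handler adds a CSRF token to requests which mutate state. In order to change the state, a cookie
 * ({@link #DEFAULT_COOKIE_NAME} unless renamed) is set with a unique token, which is expected to be sent back
 * in a header ({@link #DEFAULT_HEADER_NAME} unless renamed).
 *
 * <p>The handler checks the request body, header and cookie for validity.
 *
 * <p>This handler requires session support, thus it should be added somewhere below the Session and Body
 * handlers.
 *
 * <p>The handler is typed as {@code Handler<RoutingContext>} rather than the raw {@code Handler}, so the
 * compiler checks that it is only installed where a {@link RoutingContext} is delivered.
 *
 * @author Paulo Lopes
 */
@VertxGen
public interface CSRFHandler extends Handler<RoutingContext> {

  /** Cookie name used to hand the token to the client when {@link #setCookieName(String)} is not called. */
  String DEFAULT_COOKIE_NAME = "XSRF-TOKEN";

  /** Header name the token is expected back in when {@link #setHeaderName(String)} is not called. */
  String DEFAULT_HEADER_NAME = "X-XSRF-TOKEN";

  /**
   * Instantiate a new CSRFHandlerImpl with a secret.
   *
   * <pre>{@code
   * CSRFHandler.create("s3cr37")
   * }</pre>
   *
   * <p>The literal above only illustrates the call shape. Because the secret signs the token, treat it as a
   * credential: use a long, randomly generated value loaded from configuration or a secret store rather than
   * a short string committed to source control.
   *
   * <p>NOTE(review): no validation of {@code secret} happens here; how a {@code null} or empty value is
   * handled depends on {@code CSRFHandlerImpl} - confirm there.
   *
   * @param secret server secret to sign the token.
   * @return the new handler
   */
  static CSRFHandler create(String secret) {
    return new CSRFHandlerImpl(secret);
  }

  /**
   * Set the cookie name. By default XSRF-TOKEN is used as it is the name expected by AngularJS, however other
   * frameworks might use other names.
   *
   * <p>The client-side code has to read the token from the cookie with this name, so change it together with
   * the front end.
   *
   * @param name a new name for the cookie.
   * @return fluent
   */
  @Fluent
  CSRFHandler setCookieName(String name);

  /**
   * Set the header name. By default X-XSRF-TOKEN is used as it is the name expected by AngularJS, however
   * other frameworks might use other names.
   *
   * <p>The client-side code has to send the token back in the header with this name, so change it together
   * with the front end.
   *
   * @param name a new name for the header.
   * @return fluent
   */
  @Fluent
  CSRFHandler setHeaderName(String name);

  /**
   * Should the handler give warning messages if it is used over protocols other than https?
   *
   * <p>Over plain http the token cookie and header travel unencrypted, so keep the warning enabled unless TLS
   * is terminated in front of the application.
   *
   * @param nag true to nag
   * @return fluent
   */
  @Fluent
  CSRFHandler setNagHttps(boolean nag);

  /**
   * Set the timeout for tokens generated by the handler. By default it uses the default from the session
   * handler.
   *
   * <p>NOTE(review): the unit is not stated in this interface - presumably milliseconds, as with the session
   * timeout; confirm against {@code CSRFHandlerImpl}. A shorter timeout narrows the window in which a
   * captured token remains usable.
   *
   * @param timeout token timeout
   * @return fluent
   */
  @Fluent
  CSRFHandler setTimeout(long timeout);
}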