public class CSRFHandler extends Object implements Handler<RoutingContext>
original
non RX-ified interface using Vert.x codegen.Modifier and Type | Field and Description |
---|---|
static io.vertx.lang.rx.TypeArg<CSRFHandler> |
__TYPE_ARG |
static String |
DEFAULT_COOKIE_NAME |
static String |
DEFAULT_COOKIE_PATH |
static String |
DEFAULT_HEADER_NAME |
Constructor and Description |
---|
CSRFHandler(CSRFHandler delegate) |
CSRFHandler(Object delegate) |
Modifier and Type | Method and Description |
---|---|
static CSRFHandler |
create(Vertx vertx,
String secret)
Instantiate a new CSRFHandlerImpl with a secret
|
boolean |
equals(Object o) |
CSRFHandler |
getDelegate() |
void |
handle(RoutingContext event)
Something has happened, so handle it.
|
int |
hashCode() |
static CSRFHandler |
newInstance(CSRFHandler arg) |
CSRFHandler |
setCookieHttpOnly(boolean httpOnly)
Set the cookie
httpOnly attribute. |
CSRFHandler |
setCookieName(String name)
Set the cookie name.
|
CSRFHandler |
setCookiePath(String path)
Set the cookie path.
|
CSRFHandler |
setHeaderName(String name)
Set the header name.
|
CSRFHandler |
setNagHttps(boolean nag)
Should the handler give warning messages if this handler is used in other than https protocols?
|
CSRFHandler |
setOrigin(String origin)
Set the origin for this server.
|
CSRFHandler |
setTimeout(long timeout)
Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.
|
String |
toString() |
public static final io.vertx.lang.rx.TypeArg<CSRFHandler> __TYPE_ARG
public static final String DEFAULT_COOKIE_NAME
public static final String DEFAULT_COOKIE_PATH
public static final String DEFAULT_HEADER_NAME
public CSRFHandler(CSRFHandler delegate)
public CSRFHandler(Object delegate)
public CSRFHandler getDelegate()
public void handle(RoutingContext event)
handle
in interface Handler<RoutingContext>
event
- the event to handlepublic static CSRFHandler create(Vertx vertx, String secret)
CSRFHandler.create("s3cr37")
vertx
- secret
- server secret to sign the token.public CSRFHandler setOrigin(String origin)
origin
- the origin for this server e.g.: https://www.foo.com
.public CSRFHandler setCookieName(String name)
name
- a new name for the cookie.public CSRFHandler setCookiePath(String path)
path
- a new path for the cookie.public CSRFHandler setCookieHttpOnly(boolean httpOnly)
httpOnly
attribute. When setting to false
the CSRF handler will behave in
Double Submit Cookie mode. When set to true
then it will operate in Cookie-to-header mode.
For more information https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookiehttpOnly
- a new name for the header.public CSRFHandler setHeaderName(String name)
name
- a new name for the header.public CSRFHandler setNagHttps(boolean nag)
nag
- true to nagpublic CSRFHandler setTimeout(long timeout)
timeout
- token timeoutpublic static CSRFHandler newInstance(CSRFHandler arg)
Copyright © 2021 Eclipse. All rights reserved.