public class CSRFHandler extends Object implements InputTrustHandler, Handler<RoutingContext>
original
non RX-ified interface using Vert.x codegen.Modifier and Type | Field and Description |
---|---|
static io.vertx.lang.rx.TypeArg<CSRFHandler> |
__TYPE_ARG |
static String |
DEFAULT_COOKIE_NAME |
static String |
DEFAULT_COOKIE_PATH |
static String |
DEFAULT_HEADER_NAME |
Constructor and Description |
---|
CSRFHandler(CSRFHandler delegate) |
CSRFHandler(Object delegate) |
Modifier and Type | Method and Description |
---|---|
static CSRFHandler |
create(Vertx vertx,
String secret)
Instantiate a new CSRFHandlerImpl with a secret
|
boolean |
equals(Object o) |
CSRFHandler |
getDelegate() |
void |
handle(RoutingContext event)
Something has happened, so handle it.
|
int |
hashCode() |
static CSRFHandler |
newInstance(CSRFHandler arg) |
CSRFHandler |
setCookieHttpOnly(boolean httpOnly)
Set the cookie
httpOnly attribute. |
CSRFHandler |
setCookieName(String name)
Set the cookie name.
|
CSRFHandler |
setCookiePath(String path)
Set the cookie path.
|
CSRFHandler |
setCookieSecure(boolean secure)
Sets the cookie
secure flag. |
CSRFHandler |
setHeaderName(String name)
Set the header name.
|
CSRFHandler |
setNagHttps(boolean nag)
Should the handler give warning messages if this handler is used in other than https protocols?
|
CSRFHandler |
setOrigin(String origin)
Set the origin for this server.
|
CSRFHandler |
setTimeout(long timeout)
Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.
|
String |
toString() |
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
newInstance
public static final io.vertx.lang.rx.TypeArg<CSRFHandler> __TYPE_ARG
public static final String DEFAULT_COOKIE_NAME
public static final String DEFAULT_COOKIE_PATH
public static final String DEFAULT_HEADER_NAME
public CSRFHandler(CSRFHandler delegate)
public CSRFHandler(Object delegate)
public CSRFHandler getDelegate()
getDelegate
in interface InputTrustHandler
public void handle(RoutingContext event)
handle
in interface Handler<RoutingContext>
handle
in interface InputTrustHandler
event
- the event to handlepublic static CSRFHandler create(Vertx vertx, String secret)
CSRFHandler.create("s3cr37")
vertx
- secret
- server secret to sign the token.public CSRFHandler setOrigin(String origin)
origin
- the origin for this server e.g.: https://www.foo.com
.public CSRFHandler setCookieName(String name)
name
- a new name for the cookie.public CSRFHandler setCookiePath(String path)
path
- a new path for the cookie.public CSRFHandler setCookieHttpOnly(boolean httpOnly)
httpOnly
attribute. When setting to false
the CSRF handler will behave in
Double Submit Cookie mode. When set to true
then it will operate in Cookie-to-header mode.
For more information https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookiehttpOnly
- a new name for the header.public CSRFHandler setCookieSecure(boolean secure)
secure
flag. When set this flag instructs browsers to only send the cookie over HTTPS.secure
- true to set the secure flag on the cookiepublic CSRFHandler setHeaderName(String name)
name
- a new name for the header.public CSRFHandler setNagHttps(boolean nag)
nag
- true to nagpublic CSRFHandler setTimeout(long timeout)
timeout
- token timeoutpublic static CSRFHandler newInstance(CSRFHandler arg)
Copyright © 2023 Eclipse. All rights reserved.