@CompileStatic class CSRFHandler
This handler adds a CSRF token to requests which mutate state. In order to change the state, a (XSRF-TOKEN) cookie is set with a unique token, which is expected to be sent back in a (X-XSRF-TOKEN) header. The behavior is to check the request body, header and cookie for validity. This handler requires session support, and should therefore be added somewhere below the Session and Body handlers.
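The cookie/header check described above, as an added Python illustration that is not Vert.x's own code. The token layout (nonce.timestamp.signature with HMAC-SHA256), the set of safe methods, the cookie-to-header comparison and all function names are assumptions made for this example.

```python
import base64, hashlib, hmac, os, time

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: methods that do not mutate state

def _sign(secret: bytes, payload: str) -> str:
    """HMAC-SHA256 over the payload, URL-safe base64 without padding."""
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def issue_token(secret: bytes, now: float = None) -> str:
    """Return 'nonce.timestamp.signature' to place in the XSRF-TOKEN cookie."""
    now = time.time() if now is None else now
    nonce = base64.urlsafe_b64encode(os.urandom(16)).decode().rstrip("=")
    payload = f"{nonce}.{int(now * 1000)}"
    return f"{payload}.{_sign(secret, payload)}"

def check_request(secret, method, cookies, headers, timeout_ms, now=None,
                  cookie_name="XSRF-TOKEN", header_name="X-XSRF-TOKEN"):
    """Return (allowed, reason) for one request."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    now = time.time() if now is None else now
    cookie, header = cookies.get(cookie_name), headers.get(header_name)
    if not cookie or not header:
        return False, "token missing"
    # A cross-site page can make the browser send the cookie, but cannot read it
    # to copy its value into a custom header; compare in constant time.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "header does not match cookie"
    parts = header.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    nonce, issued, sig = parts
    # The signature proves the token was minted with the server secret.
    if not hmac.compare_digest(sig.encode(), _sign(secret, f"{nonce}.{issued}").encode()):
        return False, "bad signature"
    # The signed timestamp enforces the token timeout.
    if not issued.isdigit() or now * 1000 - int(issued) > timeout_ms:
        return False, "token expired"
    return True, "ok"
```
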
| Constructor and description |
|---|
| CSRFHandler(Object delegate) |
| Type | Name and description |
|---|---|
| static CSRFHandler | create(String secret) Instantiate a new CSRFHandlerImpl with a secret |
| Object | getDelegate() |
| void | handle(RoutingContext arg0) |
| CSRFHandler | setCookieName(String name) Set the cookie name. |
| CSRFHandler | setHeaderName(String name) Set the header name. |
| CSRFHandler | setNagHttps(boolean nag) Should the handler give warning messages if this handler is used in other than https protocols? |
| CSRFHandler | setTimeout(long timeout) Set the timeout for tokens generated by the handler, by default it uses the default from the session handler. |
Instantiate a new CSRFHandlerImpl with a secret
CSRFHandler.create("s3cr37")
secret - server secret to sign the token.

Set the cookie name. By default XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.
name - a new name for the cookie.

Set the header name. By default X-XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.
name - a new name for the header.

Should the handler give warning messages if this handler is used in other than https protocols?
nag - true to nag

Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.
timeout - token timeout

io.vertx:vertx-web:3.1.0