This handler adds a CSRF token to requests which mutate state. To allow a state change, the handler sets a cookie (XSRF-TOKEN) with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN).
The handler checks the request body, header and cookie for validity.
This handler requires session support and should therefore be added somewhere below the Session and Body handlers.
Type hierarchy: Anything > Object > CSRFHandler
Supertypes: Basic, Identifiable, Object, Anything
No subtypes.
Initializer
CSRFHandler(CSRFHandler unknown)

Inherited Attributes
Attributes inherited from Object: hash, string

Methods
handle | shared default void handle(RoutingContext arg0)
setCookieName | shared default CSRFHandler setCookieName(String name) | Set the cookie name. By default XSRF-TOKEN is used, as it is the name expected by AngularJS; other frameworks might use other names.
setHeaderName | shared default CSRFHandler setHeaderName(String name) | Set the header name. By default X-XSRF-TOKEN is used, as it is the name expected by AngularJS; other frameworks might use other names.
setNagHttps | shared default CSRFHandler setNagHttps(Boolean nag) | Whether the handler should give warning messages when it is used over a protocol other than HTTPS.
setTimeout | shared default CSRFHandler setTimeout(Integer timeout) | Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.

Inherited Methods
Methods inherited from Object: equals
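
The cookie and header check described at the top of this page, together with the token timeout that setTimeout controls, sketched in Python as an added example. It is not the CSRFHandler's own code: the token format, the HMAC-SHA256 signing, the set of mutating methods and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
import time

# Assumption for this sketch: these methods count as state-mutating.
MUTATING = {"POST", "PUT", "DELETE", "PATCH"}


def _sign(secret, nonce, ts):
    mac = hmac.new(secret, f"{nonce}.{ts}".encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_token(secret, now=None):
    """Build 'nonce.timestamp_ms.signature' (format constructed for this example)."""
    nonce = base64.urlsafe_b64encode(os.urandom(16)).decode().rstrip("=")
    ts = str(int((time.time() if now is None else now) * 1000))
    return f"{nonce}.{ts}.{_sign(secret, nonce, ts)}"


def check_request(secret, method, cookies, headers, timeout_ms, now=None,
                  cookie_name="XSRF-TOKEN", header_name="X-XSRF-TOKEN"):
    """Return (allowed, reason) for one request; headers are matched by exact name."""
    if method.upper() not in MUTATING:
        return True, "not state-mutating"
    cookie, header = cookies.get(cookie_name), headers.get(header_name)
    if not cookie or not header:
        return False, "token missing"
    # Constant-time comparison: the header must echo the cookie value exactly.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "cookie/header mismatch"
    parts = header.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    nonce, ts, sig = parts
    # A matching pair is not enough: the token must carry the server's signature.
    if not hmac.compare_digest(sig.encode(), _sign(secret, nonce, ts).encode()):
        return False, "bad signature"
    now_ms = int((time.time() if now is None else now) * 1000)
    if not ts.isdigit() or now_ms - int(ts) > timeout_ms:
        return False, "token expired"
    return True, "ok"
```

The signature step is what rejects a token pair that a client made up itself and placed in both the cookie and the header.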