new CSRFHandler()
This handler adds a CSRF token to requests which mutate state. In order to change state, a cookie (XSRF-TOKEN) is set
with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN).
The behavior is to check the request body header and cookie for validity.
This handler requires session support, so it should be added somewhere below the Session and Body handlers.
Methods
handle(arg0)
Parameters:
Name | Type | Description |
---|---|---|
arg0 | RoutingContext | |
setCookieName(name) → {CSRFHandler}
Set the cookie name. By default XSRF-TOKEN is used, as it is the name AngularJS expects; other frameworks
might use other names.
Parameters:
Name | Type | Description |
---|---|---|
name | string | a new name for the cookie. |
Returns:
fluent
- Type: CSRFHandler
setHeaderName(name) → {CSRFHandler}
Set the header name. By default X-XSRF-TOKEN is used, as it is the name AngularJS expects; other
frameworks might use other names.
Parameters:
Name | Type | Description |
---|---|---|
name | string | a new name for the header. |
Returns:
fluent
- Type: CSRFHandler
setNagHttps(nag) → {CSRFHandler}
Whether the handler should give warning messages when it is used over a protocol other than HTTPS.
Parameters:
Name | Type | Description |
---|---|---|
nag | boolean | true to nag |
Returns:
fluent
- Type: CSRFHandler
setTimeout(timeout) → {CSRFHandler}
Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.
Parameters:
Name | Type | Description |
---|---|---|
timeout | number | token timeout |
Returns:
fluent
- Type: CSRFHandler
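The cookie-to-header check from the class description, together with the token timeout from setTimeout, sketched in plain Node.js as an added illustration; it is not Vert.x code and not the handler's implementation. The token format (nonce, issue time, HMAC), the list of safe methods, the request object shape and every function name are assumptions.

```javascript
// Added illustration, not Vert.x code: all names and the token format are assumptions.
const crypto = require("crypto");

const COOKIE_NAME = "XSRF-TOKEN";   // default cookie name given on this page
const HEADER_NAME = "x-xsrf-token"; // default header name; Node lower-cases header keys
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]); // assumed non-mutating methods

function sign(secret, payload) {
  return crypto.createHmac("sha256", secret).update(payload).digest("hex");
}

// Assumed token format: <random nonce>.<issue time in ms>.<HMAC over the first two fields>
function issueToken(secret, now = Date.now()) {
  const payload = crypto.randomBytes(16).toString("hex") + "." + now;
  return payload + "." + sign(secret, payload);
}

// Constant-time string comparison, so the check does not leak how many bytes matched.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req is a constructed plain object: { method, headers, cookies }.
function checkRequest(req, secret, timeoutMs, now = Date.now()) {
  if (SAFE_METHODS.has(req.method)) return { ok: true, reason: "safe method" };
  const cookie = req.cookies[COOKIE_NAME];
  const header = req.headers[HEADER_NAME];
  if (!cookie || !header) return { ok: false, reason: "token missing" };
  if (!safeEqual(cookie, header)) return { ok: false, reason: "cookie/header mismatch" };
  const parts = header.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed token" };
  const [nonce, issued, mac] = parts;
  // Equality alone is not enough: the MAC shows the server issued this value.
  if (!safeEqual(mac, sign(secret, nonce + "." + issued))) {
    return { ok: false, reason: "bad signature" };
  }
  const ts = Number(issued);
  if (!Number.isSafeInteger(ts) || now - ts > timeoutMs) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, reason: "valid" };
}
```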