new CSRFHandler()
This handler adds a CSRF token to requests which mutate state. In order to change the state, a cookie (XSRF-TOKEN) is set
with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN).
The behavior is to check the request body header and cookie for validity.
This handler requires session support, so it should be added somewhere below the Session and Body handlers.
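The cookie/header check described above, sketched as a stand-alone Node.js example. It is added here and is not Vert.x code: the token layout (nonce.timestamp.HMAC), the names `issueToken` and `checkRequest`, and the 30-minute timeout are assumptions, and session binding is left out. The options play the roles of setCookieName, setHeaderName and setTimeout.

```javascript
// Added example: double-submit CSRF check with expiring, HMAC-signed tokens.
// The token layout (nonce.timestamp.signature) is an assumption of this sketch.
const crypto = require('crypto');

// Names mirror the documented defaults; timeoutMs is a constructed value.
const defaults = { cookieName: 'XSRF-TOKEN', headerName: 'X-XSRF-TOKEN', timeoutMs: 30 * 60 * 1000 };
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

function sign(secret, payload) {
  return crypto.createHmac('sha256', secret).update(payload).digest('hex');
}

// Issue a unique token; the server would set it in the cookie named cookieName.
function issueToken(secret, now = Date.now()) {
  const payload = crypto.randomBytes(16).toString('hex') + '.' + now;
  return payload + '.' + sign(secret, payload);
}

// Constant-time comparison so the check does not leak how many bytes matched.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req is a plain object: { method, cookies: {name: value}, headers: {lowercased-name: value} }.
// Returns { ok: true } or { ok: false, reason } so the caller can reject the request.
function checkRequest(req, secret, options = {}, now = Date.now()) {
  const opts = { ...defaults, ...options };
  if (SAFE_METHODS.has(req.method.toUpperCase())) return { ok: true };
  const cookie = (req.cookies || {})[opts.cookieName];
  const header = (req.headers || {})[opts.headerName.toLowerCase()];
  if (!cookie || !header) return { ok: false, reason: 'missing' };
  if (!safeEqual(cookie, header)) return { ok: false, reason: 'mismatch' };
  const parts = header.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [nonce, issued, sig] = parts;
  if (!safeEqual(sig, sign(secret, nonce + '.' + issued))) return { ok: false, reason: 'bad-signature' };
  const age = now - Number(issued);
  if (!(age >= 0 && age <= opts.timeoutMs)) return { ok: false, reason: 'expired' };
  return { ok: true };
}
```

Signing the token means a cookie value planted from a sibling subdomain fails the check even when the header matches it, which a plain equality test would accept.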
Methods
handle(arg0)
Parameters:
Name | Type | Description |
---|---|---|
arg0 | RoutingContext | |
setCookieName(name) → {CSRFHandler}
Set the cookie name. By default XSRF-TOKEN is used, as it is the name AngularJS expects; however, other frameworks
might use other names.
Parameters:
Name | Type | Description |
---|---|---|
name | string | a new name for the cookie. |
Returns:
fluent
- Type
- CSRFHandler
setCookiePath(path) → {CSRFHandler}
Set the cookie path. By default / is used.
Parameters:
Name | Type | Description |
---|---|---|
path | string | a new path for the cookie. |
Returns:
fluent
- Type
- CSRFHandler
setHeaderName(name) → {CSRFHandler}
Set the header name. By default X-XSRF-TOKEN is used, as it is the name AngularJS expects; however, other
frameworks might use other names.
Parameters:
Name | Type | Description |
---|---|---|
name | string | a new name for the header. |
Returns:
fluent
- Type
- CSRFHandler
setNagHttps(nag) → {CSRFHandler}
Whether the handler should give warning messages when it is used over a protocol other than HTTPS.
Parameters:
Name | Type | Description |
---|---|---|
nag | boolean | true to nag |
Returns:
fluent
- Type
- CSRFHandler
setResponseBody(responseBody) → {CSRFHandler}
Set the body returned by the handler when the XSRF token is missing or invalid.
Parameters:
Name | Type | Description |
---|---|---|
responseBody | string | the body of the response. If null, no response body will be returned. |
Returns:
fluent
- Type
- CSRFHandler
setTimeout(timeout) → {CSRFHandler}
Set the timeout for tokens generated by the handler. By default, the default from the session handler is used.
Parameters:
Name | Type | Description |
---|---|---|
timeout | number | token timeout |
Returns:
fluent
- Type
- CSRFHandler