play.filters.csrf

CSRFConfig

Related Docs: object CSRFConfig | package csrf

case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = CSRFConfig.UnsafeMethods, checkContentType: (Option[String]) ⇒ Boolean = ..., headerName: String = "Csrf-Token", headerBypass: Boolean = true) extends Product with Serializable

CSRF configuration.

tokenName

The name of the token.

cookieName

If defined, the name of the cookie to read the token from/write the token to.

secureCookie

If using a cookie, whether it should be secure.

httpOnlyCookie

If using a cookie, whether it should have the HTTP only flag.

postBodyBuffer

How much of the POST body should be buffered if checking the body for a token.

signTokens

Whether tokens should be signed.

checkMethod

Returns true if a request for that method should be checked.

checkContentType

Returns true if a request for that content type should be checked.

headerName

The name of the HTTP header to check for tokens from.

headerBypass

Whether CSRF check can be bypassed by the presence of certain headers, such as X-Requested-By.

Source
csrf.scala
Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. CSRFConfig
  2. Serializable
  3. Serializable
  4. Product
  5. Equals
  6. AnyRef
  7. Any
  1. Hide All
  2. Show all
Learn more about member selection
Visibility
  1. Public
  2. All

Instance Constructors

  1. new CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = CSRFConfig.UnsafeMethods, checkContentType: (Option[String]) ⇒ Boolean = ..., headerName: String = "Csrf-Token", headerBypass: Boolean = true)

    tokenName

    The name of the token.

    cookieName

    If defined, the name of the cookie to read the token from/write the token to.

    secureCookie

    If using a cookie, whether it should be secure.

    httpOnlyCookie

    If using a cookie, whether it should have the HTTP only flag.

    postBodyBuffer

    How much of the POST body should be buffered if checking the body for a token.

    signTokens

    Whether tokens should be signed.

    checkMethod

    Returns true if a request for that method should be checked.

    checkContentType

    Returns true if a request for that content type should be checked.

    headerName

    The name of the HTTP header to check for tokens from.

    headerBypass

    Whether CSRF check can be bypassed by the presence of certain headers, such as X-Requested-By.

Value Members

  1. final def !=(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any

  2. final def ##(): Int

    Definition Classes
    AnyRef → Any

  3. final def ==(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any

  4. final def asInstanceOf[T0]: T0

    Definition Classes
    Any

  5. val checkContentType: (Option[String]) ⇒ Boolean

    Returns true if a request for that content type should be checked.

  6. val checkMethod: (String) ⇒ Boolean

    Returns true if a request for that method should be checked.

  7. def clone(): AnyRef

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  8. val cookieName: Option[String]

    If defined, the name of the cookie to read the token from/write the token to.

  9. val createIfNotFound: (RequestHeader) ⇒ Boolean

  10. final def eq(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef

  11. def finalize(): Unit

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )

  12. final def getClass(): Class[_]

    Definition Classes
    AnyRef → Any

  13. val headerBypass: Boolean

    Whether CSRF check can be bypassed by the presence of certain headers, such as X-Requested-By.

  14. val headerName: String

    The name of the HTTP header to check for tokens from.

  15. val httpOnlyCookie: Boolean

    If using a cookie, whether it should have the HTTP only flag.

  16. final def isInstanceOf[T0]: Boolean

    Definition Classes
    Any

  17. final def ne(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef

  18. final def notify(): Unit

    Definition Classes
    AnyRef

  19. final def notifyAll(): Unit

    Definition Classes
    AnyRef

  20. val postBodyBuffer: Long

    How much of the POST body should be buffered if checking the body for a token.

  21. val secureCookie: Boolean

    If using a cookie, whether it should be secure.

  22. val signTokens: Boolean

    Whether tokens should be signed.

  23. final def synchronized[T0](arg0: ⇒ T0): T0

    Definition Classes
    AnyRef

  24. val tokenName: String

    The name of the token.

  25. final def wait(): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  26. final def wait(arg0: Long, arg1: Int): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  27. final def wait(arg0: Long): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Inherited from Serializable

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from AnyRef

Inherited from Any

Ungrouped