play.filters

csrf

package csrf

Visibility
  1. Public
  2. All

Type Members

  1. class CSRFAction extends EssentialAction

    An action that provides CSRF protection.

  2. trait CSRFComponents extends AnyRef

    The CSRF components.

  3. case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = CSRFConfig.UnsafeMethods, checkContentType: (Option[String]) ⇒ Boolean = ..., headerName: String = "Csrf-Token", headerBypass: Boolean = true) extends Product with Serializable

    CSRF configuration.

    CSRF configuration.

    tokenName

    The name of the token.

    cookieName

    If defined, the name of the cookie to read the token from/write the token to.

    secureCookie

    If using a cookie, whether it should be secure.

    httpOnlyCookie

    If using a cookie, whether it should have the HTTP only flag.

    postBodyBuffer

    How much of the POST body should be buffered if checking the body for a token.

    signTokens

    Whether tokens should be signed.

    checkMethod

    Returns true if a request for that method should be checked.

    checkContentType

    Returns true if a request for that content type should be checked.

    headerName

    The name of the HTTP header to check for tokens from.

    headerBypass

    Whether CSRF check can be bypassed by the presence of certain headers, such as X-Requested-By.

  4. class CSRFConfigProvider extends Provider[CSRFConfig]

    Annotations
    @Singleton()

  5. class CSRFFilter extends EssentialFilter

    A filter that provides CSRF protection.

    A filter that provides CSRF protection.

    These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.

  6. class CSRFModule extends Module

    The CSRF module.

Value Members

  1. object CSRF

  2. object CSRFAction

  3. object CSRFAddToken

    CSRF add token action.

    CSRF add token action.

    Apply this to all actions that render a form that contains a CSRF token.

  4. object CSRFCheck

    CSRF check action.

    CSRF check action.

    Apply this to all actions that require a CSRF check.

  5. object CSRFConfig extends Serializable

  6. object CSRFFilter

Ungrouped