Class/Object

play.filters.csrf

CSRFConfig

Related Docs: object CSRFConfig | package csrf

Permalink

case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable

CSRF configuration.

tokenName

The name of the token.

cookieName

If defined, the name of the cookie to read the token from/write the token to.

secureCookie

If using a cookie, whether it should be secure.

httpOnlyCookie

If using a cookie, whether it should have the HTTP only flag.

postBodyBuffer

How much of the POST body should be buffered if checking the body for a token.

signTokens

Whether tokens should be signed.

checkMethod

Returns true if a request for that method should be checked.

checkContentType

Returns true if a request for that content type should be checked.

headerName

The name of the HTTP header to check for tokens from.

shouldProtect

A function that decides based on the headers of the request if a check is needed.

bypassCorsTrustedOrigins

Whether to bypass the CSRF check if the CORS filter trusts this origin

Source
csrf.scala
Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. CSRFConfig
  2. Serializable
  3. Serializable
  4. Product
  5. Equals
  6. AnyRef
  7. Any
  1. Hide All
  2. Show all
Visibility
  1. Public
  2. All

Instance Constructors

  1. new CSRFConfig()

    Permalink
  2. new CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true)

    Permalink

    tokenName

    The name of the token.

    cookieName

    If defined, the name of the cookie to read the token from/write the token to.

    secureCookie

    If using a cookie, whether it should be secure.

    httpOnlyCookie

    If using a cookie, whether it should have the HTTP only flag.

    postBodyBuffer

    How much of the POST body should be buffered if checking the body for a token.

    signTokens

    Whether tokens should be signed.

    checkMethod

    Returns true if a request for that method should be checked.

    checkContentType

    Returns true if a request for that content type should be checked.

    headerName

    The name of the HTTP header to check for tokens from.

    shouldProtect

    A function that decides based on the headers of the request if a check is needed.

    bypassCorsTrustedOrigins

    Whether to bypass the CSRF check if the CORS filter trusts this origin

Value Members

  1. final def !=(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int

    Permalink
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0

    Permalink
    Definition Classes
    Any
  5. val bypassCorsTrustedOrigins: Boolean

    Permalink

    Whether to bypass the CSRF check if the CORS filter trusts this origin

  6. val checkContentType: (Option[String]) ⇒ Boolean

    Permalink

    Returns true if a request for that content type should be checked.

  7. val checkMethod: (String) ⇒ Boolean

    Permalink

    Returns true if a request for that method should be checked.

  8. def clone(): AnyRef

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  9. val cookieName: Option[String]

    Permalink

    If defined, the name of the cookie to read the token from/write the token to.

  10. val createIfNotFound: (RequestHeader) ⇒ Boolean

    Permalink
  11. final def eq(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef
  12. def finalize(): Unit

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  13. final def getClass(): Class[_]

    Permalink
    Definition Classes
    AnyRef → Any
  14. val headerName: String

    Permalink

    The name of the HTTP header to check for tokens from.

  15. val httpOnlyCookie: Boolean

    Permalink

    If using a cookie, whether it should have the HTTP only flag.

  16. final def isInstanceOf[T0]: Boolean

    Permalink
    Definition Classes
    Any
  17. final def ne(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef
  18. final def notify(): Unit

    Permalink
    Definition Classes
    AnyRef
  19. final def notifyAll(): Unit

    Permalink
    Definition Classes
    AnyRef
  20. val postBodyBuffer: Long

    Permalink

    How much of the POST body should be buffered if checking the body for a token.

  21. val secureCookie: Boolean

    Permalink

    If using a cookie, whether it should be secure.

  22. val shouldProtect: (RequestHeader) ⇒ Boolean

    Permalink

    A function that decides based on the headers of the request if a check is needed.

  23. val signTokens: Boolean

    Permalink

    Whether tokens should be signed.

  24. final def synchronized[T0](arg0: ⇒ T0): T0

    Permalink
    Definition Classes
    AnyRef
  25. val tokenName: String

    Permalink

    The name of the token.

  26. final def wait(): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  27. final def wait(arg0: Long, arg1: Int): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  28. final def wait(arg0: Long): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  29. def withBypassCorsTrustedOrigins(bypass: Boolean): CSRFConfig

    Permalink
  30. def withContentTypes(checkContentType: Predicate[Optional[String]]): CSRFConfig

    Permalink
  31. def withCookieName(cookieName: Optional[String]): CSRFConfig

    Permalink
  32. def withCreateIfNotFound(pred: Predicate[RequestHeader]): CSRFConfig

    Permalink
  33. def withHeaderName(headerName: String): CSRFConfig

    Permalink
  34. def withHttpOnlyCookie(isHttpOnly: Boolean): CSRFConfig

    Permalink
  35. def withMethods(checkMethod: Predicate[String]): CSRFConfig

    Permalink
  36. def withPostBodyBuffer(bufsize: Long): CSRFConfig

    Permalink
  37. def withSecureCookie(isSecure: Boolean): CSRFConfig

    Permalink
  38. def withShouldProtect(shouldProtect: Predicate[RequestHeader]): CSRFConfig

    Permalink
  39. def withSignTokens(signTokens: Boolean): CSRFConfig

    Permalink
  40. def withTokenName(tokenName: String): CSRFConfig

    Permalink

Inherited from Serializable

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from AnyRef

Inherited from Any

Ungrouped