An action that provides CSRF protection.
CSRF add token action.
CSRF check action.
CSRF check action.
Apply this to all actions that require a CSRF check.
The CSRF components.
CSRF configuration.
CSRF configuration.
The name of the token.
If defined, the name of the cookie to read the token from/write the token to.
If using a cookie, whether it should be secure.
If using a cookie, whether it should have the HTTP only flag.
How much of the POST body should be buffered if checking the body for a token.
Whether tokens should be signed.
Returns true if a request for that method should be checked.
Returns true if a request for that content type should be checked.
The name of the HTTP header to check for tokens from.
A function that decides based on the headers of the request if a check is needed.
Whether to bypass the CSRF check if the CORS filter trusts this origin
A filter that provides CSRF protection.
A filter that provides CSRF protection.
These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.
The CSRF module.
CSRF add token action.
Apply this to all actions that render a form that contains a CSRF token.