
case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable

CSRF configuration.

tokenName

The name of the token.

cookieName

If defined, the name of the cookie to read the token from/write the token to.

secureCookie

If using a cookie, whether it should carry the Secure flag, so that browsers send it only over HTTPS. Defaults to false.

httpOnlyCookie

If using a cookie, whether it should have the HttpOnly flag, which hides the cookie from client-side scripts. Defaults to false.

sameSiteCookie

If using a cookie, the cookie's SameSite attribute.

postBodyBuffer

How much of the POST body should be buffered if checking the body for a token.

signTokens

Whether tokens should be signed.

checkMethod

A predicate that returns true if a request using that HTTP method should be checked. By default, every method not in CSRFConfig.SafeMethods is checked.

checkContentType

Returns true if a request for that content type should be checked.

headerName

The name of the HTTP header to check for tokens from.

shouldProtect

A function that decides based on the headers of the request if a check is needed.

bypassCorsTrustedOrigins

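Whether to bypass the CSRF check if the CORS filter trusts this origin. Defaults to true, so for such requests CSRF protection relies on the CORS filter's trusted-origin list being restrictive.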

Source
csrf.scala
Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any

Instance Constructors

  1. new CSRFConfig()
  2. new CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true)

    tokenName

    The name of the token.

    cookieName

    If defined, the name of the cookie to read the token from/write the token to.

    secureCookie

    If using a cookie, whether it should carry the Secure flag, so that browsers send it only over HTTPS. Defaults to false.

    httpOnlyCookie

    If using a cookie, whether it should have the HttpOnly flag, which hides the cookie from client-side scripts. Defaults to false.

    sameSiteCookie

    If using a cookie, the cookie's SameSite attribute.

    postBodyBuffer

    How much of the POST body should be buffered if checking the body for a token.

    signTokens

    Whether tokens should be signed.

    checkMethod

    A predicate that returns true if a request using that HTTP method should be checked. By default, every method not in CSRFConfig.SafeMethods is checked.

    checkContentType

    Returns true if a request for that content type should be checked.

    headerName

    The name of the HTTP header to check for tokens from.

    shouldProtect

    A function that decides based on the headers of the request if a check is needed.

    bypassCorsTrustedOrigins

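    Whether to bypass the CSRF check if the CORS filter trusts this origin. Defaults to true, so for such requests CSRF protection relies on the CORS filter's trusted-origin list being restrictive.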

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. val bypassCorsTrustedOrigins: Boolean
  6. val checkContentType: (Option[String]) ⇒ Boolean
  7. val checkMethod: (String) ⇒ Boolean
  8. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  9. val cookieName: Option[String]
  10. val createIfNotFound: (RequestHeader) ⇒ Boolean
  11. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  12. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  13. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  14. val headerName: String
  15. val httpOnlyCookie: Boolean
  16. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  17. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  18. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  19. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  20. val postBodyBuffer: Long
  21. val sameSiteCookie: Option[SameSite]
  22. val secureCookie: Boolean
  23. val shouldProtect: (RequestHeader) ⇒ Boolean
  24. val signTokens: Boolean
  25. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  26. val tokenName: String
  27. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  28. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  29. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  30. def withBypassCorsTrustedOrigins(bypass: Boolean): CSRFConfig
  31. def withContentTypes(checkContentType: Predicate[Optional[String]]): CSRFConfig
  32. def withCookieName(cookieName: Optional[String]): CSRFConfig
  33. def withCreateIfNotFound(pred: Predicate[RequestHeader]): CSRFConfig
  34. def withHeaderName(headerName: String): CSRFConfig
  35. def withHttpOnlyCookie(isHttpOnly: Boolean): CSRFConfig
  36. def withMethods(checkMethod: Predicate[String]): CSRFConfig
  37. def withPostBodyBuffer(bufsize: Long): CSRFConfig
  38. def withSameSiteCookie(sameSite: Option[SameSite]): CSRFConfig
  39. def withSecureCookie(isSecure: Boolean): CSRFConfig
  40. def withShouldProtect(shouldProtect: Predicate[RequestHeader]): CSRFConfig
  41. def withSignTokens(signTokens: Boolean): CSRFConfig
  42. def withTokenName(tokenName: String): CSRFConfig
