Packages

package csrf

Ordering
  1. Alphabetic
Visibility
  1. Public
  2. All

Type Members

  1. class CSRFAction extends EssentialAction

    An action that provides CSRF protection.

  2. class CSRFActionHelper extends AnyRef
  3. case class CSRFAddToken(config: CSRFConfig, crypto: CSRFTokenSigner, sessionConfiguration: SessionConfiguration) extends Product with Serializable

    CSRF add token action.

    CSRF add token action.

    Apply this to all actions that render a form that contains a CSRF token.

  4. case class CSRFCheck(config: CSRFConfig, tokenSigner: CSRFTokenSigner, sessionConfiguration: SessionConfiguration) extends Product with Serializable

    CSRF check action.

    CSRF check action.

    Apply this to all actions that require a CSRF check.

  5. trait CSRFComponents extends AnyRef

    The CSRF components.

  6. case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) => Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) => Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) => Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) => Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable

    CSRF configuration.

    CSRF configuration.

    tokenName

    The name of the token.

    cookieName

    If defined, the name of the cookie to read the token from/write the token to.

    secureCookie

    If using a cookie, whether it should be secure.

    httpOnlyCookie

    If using a cookie, whether it should have the HTTP only flag.

    sameSiteCookie

    If using a cookie, the cookie's SameSite attribute.

    postBodyBuffer

    How much of the POST body should be buffered if checking the body for a token.

    signTokens

    Whether tokens should be signed.

    checkMethod

    Returns true if a request for that method should be checked.

    checkContentType

    Returns true if a request for that content type should be checked.

    headerName

    The name of the HTTP header to check for tokens from.

    shouldProtect

    A function that decides based on the headers of the request if a check is needed.

    bypassCorsTrustedOrigins

    Whether to bypass the CSRF check if the CORS filter trusts this origin

  7. class CSRFConfigProvider extends Provider[CSRFConfig]
    Annotations
    @Singleton()
  8. class CSRFFilter extends EssentialFilter

    A filter that provides CSRF protection.

    A filter that provides CSRF protection.

    These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.

  9. class CSRFModule extends Module

    The CSRF module.

Value Members

  1. object CSRF
  2. object CSRFConfig extends Serializable

Ungrouped