case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable
CSRF configuration.
- tokenName
The name of the token.
- cookieName
If defined, the name of the cookie to read the token from/write the token to.
- secureCookie
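If using a cookie, whether it should carry the Secure flag, so that the browser sends it only over HTTPS. The default is false, so a site served over HTTPS should enable it explicitly.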
- httpOnlyCookie
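If using a cookie, whether it should carry the HttpOnly flag, which hides the cookie from client-side scripts. The default is false; enable it unless client-side code must read the token from the cookie.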
- sameSiteCookie
If using a cookie, the cookie's SameSite attribute.
- postBodyBuffer
How much of the POST body, in bytes, is buffered when the body is checked for a token. The default is 102400 (100 KiB).
- signTokens
Whether tokens should be signed.
- checkMethod
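A predicate over the HTTP method: returns true if requests using that method should be checked. The default checks every method that is not in CSRFConfig.SafeMethods.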
- checkContentType
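A predicate over the request's optional content type: returns true if requests with that content type should be checked. The default returns true for every content type.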
- headerName
The name of the HTTP header from which the token is read.
- shouldProtect
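A function that decides, based on the headers of the request, whether a check is needed. The constructor default is `_ => false`. How this predicate combines with checkMethod and checkContentType is not shown on this page, so confirm the effective behaviour against the filter implementation when constructing a CSRFConfig by hand.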
- bypassCorsTrustedOrigins
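Whether to bypass the CSRF check if the CORS filter trusts the request's origin. The default is true, so the CORS filter's list of trusted origins also determines which cross-origin requests skip CSRF protection; keep that list narrow, or set this to false.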
- Source
- csrf.scala
Instance Constructors
- new CSRFConfig()
-
new
CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true)
- tokenName
The name of the token.
- cookieName
If defined, the name of the cookie to read the token from/write the token to.
- secureCookie
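If using a cookie, whether it should carry the Secure flag, so that the browser sends it only over HTTPS. The default is false, so a site served over HTTPS should enable it explicitly.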
- httpOnlyCookie
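If using a cookie, whether it should carry the HttpOnly flag, which hides the cookie from client-side scripts. The default is false; enable it unless client-side code must read the token from the cookie.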
- sameSiteCookie
If using a cookie, the cookie's SameSite attribute.
- postBodyBuffer
How much of the POST body, in bytes, is buffered when the body is checked for a token. The default is 102400 (100 KiB).
- signTokens
Whether tokens should be signed.
- checkMethod
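A predicate over the HTTP method: returns true if requests using that method should be checked. The default checks every method that is not in CSRFConfig.SafeMethods.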
- checkContentType
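A predicate over the request's optional content type: returns true if requests with that content type should be checked. The default returns true for every content type.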
- headerName
The name of the HTTP header from which the token is read.
- shouldProtect
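A function that decides, based on the headers of the request, whether a check is needed. The constructor default is `_ => false`. How this predicate combines with checkMethod and checkContentType is not shown on this page, so confirm the effective behaviour against the filter implementation when constructing a CSRFConfig by hand.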
- bypassCorsTrustedOrigins
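Whether to bypass the CSRF check if the CORS filter trusts the request's origin. The default is true, so the CORS filter's list of trusted origins also determines which cross-origin requests skip CSRF protection; keep that list narrow, or set this to false.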
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
- val bypassCorsTrustedOrigins: Boolean
- val checkContentType: (Option[String]) ⇒ Boolean
- val checkMethod: (String) ⇒ Boolean
-
def
clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( ... ) @native()
- val cookieName: Option[String]
- val createIfNotFound: (RequestHeader) ⇒ Boolean
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] )
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
- Annotations
- @native()
- val headerName: String
- val httpOnlyCookie: Boolean
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native()
- val postBodyBuffer: Long
- val sameSiteCookie: Option[SameSite]
- val secureCookie: Boolean
- val shouldProtect: (RequestHeader) ⇒ Boolean
- val signTokens: Boolean
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
- val tokenName: String
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... ) @native()
- def withBypassCorsTrustedOrigins(bypass: Boolean): CSRFConfig
- def withContentTypes(checkContentType: Predicate[Optional[String]]): CSRFConfig
- def withCookieName(cookieName: Optional[String]): CSRFConfig
- def withCreateIfNotFound(pred: Predicate[RequestHeader]): CSRFConfig
- def withHeaderName(headerName: String): CSRFConfig
- def withHttpOnlyCookie(isHttpOnly: Boolean): CSRFConfig
- def withMethods(checkMethod: Predicate[String]): CSRFConfig
- def withPostBodyBuffer(bufsize: Long): CSRFConfig
- def withSameSiteCookie(sameSite: Option[SameSite]): CSRFConfig
- def withSecureCookie(isSecure: Boolean): CSRFConfig
- def withShouldProtect(shouldProtect: Predicate[RequestHeader]): CSRFConfig
- def withSignTokens(signTokens: Boolean): CSRFConfig
- def withTokenName(tokenName: String): CSRFConfig