Packages

case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable

CSRF configuration.

tokenName

The name of the token.

cookieName

If defined, the name of the cookie to read the token from/write the token to.

secureCookie

If using a cookie, whether it should be secure.

httpOnlyCookie

If using a cookie, whether it should have the HTTP only flag.

sameSiteCookie

If using a cookie, the cookie's SameSite attribute.

postBodyBuffer

How much of the POST body should be buffered if checking the body for a token.

signTokens

Whether tokens should be signed.

checkMethod

Returns true if a request for that method should be checked.

checkContentType

Returns true if a request for that content type should be checked.

headerName

The name of the HTTP header to check for tokens from.

shouldProtect

A function that decides based on the headers of the request if a check is needed.

bypassCorsTrustedOrigins

Whether to bypass the CSRF check if the CORS filter trusts this origin

Source
csrf.scala
Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CSRFConfig
  2. Serializable
  3. Serializable
  4. Product
  5. Equals
  6. AnyRef
  7. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Instance Constructors

  1. new CSRFConfig()
  2. new CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) ⇒ Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) ⇒ Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true)

    tokenName

    The name of the token.

    cookieName

    If defined, the name of the cookie to read the token from/write the token to.

    secureCookie

    If using a cookie, whether it should be secure.

    httpOnlyCookie

    If using a cookie, whether it should have the HTTP only flag.

    sameSiteCookie

    If using a cookie, the cookie's SameSite attribute.

    postBodyBuffer

    How much of the POST body should be buffered if checking the body for a token.

    signTokens

    Whether tokens should be signed.

    checkMethod

    Returns true if a request for that method should be checked.

    checkContentType

    Returns true if a request for that content type should be checked.

    headerName

    The name of the HTTP header to check for tokens from.

    shouldProtect

    A function that decides based on the headers of the request if a check is needed.

    bypassCorsTrustedOrigins

    Whether to bypass the CSRF check if the CORS filter trusts this origin

Value Members

  1. val bypassCorsTrustedOrigins: Boolean
  2. val checkContentType: (Option[String]) ⇒ Boolean
  3. val checkMethod: (String) ⇒ Boolean
  4. val cookieName: Option[String]
  5. val createIfNotFound: (RequestHeader) ⇒ Boolean
  6. val headerName: String
  7. val httpOnlyCookie: Boolean
  8. val postBodyBuffer: Long
  9. val sameSiteCookie: Option[SameSite]
  10. val secureCookie: Boolean
  11. val shouldProtect: (RequestHeader) ⇒ Boolean
  12. val signTokens: Boolean
  13. val tokenName: String
  14. def withBypassCorsTrustedOrigins(bypass: Boolean): CSRFConfig
  15. def withContentTypes(checkContentType: Predicate[Optional[String]]): CSRFConfig
  16. def withCookieName(cookieName: Optional[String]): CSRFConfig
  17. def withCreateIfNotFound(pred: Predicate[RequestHeader]): CSRFConfig
  18. def withHeaderName(headerName: String): CSRFConfig
  19. def withHttpOnlyCookie(isHttpOnly: Boolean): CSRFConfig
  20. def withMethods(checkMethod: Predicate[String]): CSRFConfig
  21. def withPostBodyBuffer(bufsize: Long): CSRFConfig
  22. def withSameSiteCookie(sameSite: Option[SameSite]): CSRFConfig
  23. def withSecureCookie(isSecure: Boolean): CSRFConfig
  24. def withShouldProtect(shouldProtect: Predicate[RequestHeader]): CSRFConfig
  25. def withSignTokens(signTokens: Boolean): CSRFConfig
  26. def withTokenName(tokenName: String): CSRFConfig