package csrf
- Alphabetic
- Public
- Protected
Type Members
- class CSRFAction extends EssentialAction
An action that provides CSRF protection.
- class CSRFActionHelper extends AnyRef
- case class CSRFAddToken(config: CSRFConfig, crypto: CSRFTokenSigner, sessionConfiguration: SessionConfiguration) extends Product with Serializable
CSRF add token action.
CSRF add token action.
Apply this to all actions that render a form that contains a CSRF token.
- case class CSRFCheck(config: CSRFConfig, tokenSigner: CSRFTokenSigner, sessionConfiguration: SessionConfiguration) extends Product with Serializable
CSRF check action.
CSRF check action.
Apply this to all actions that require a CSRF check.
- trait CSRFComponents extends AnyRef
The CSRF components.
- case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) => Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) => Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) => Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) => Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable
CSRF configuration.
CSRF configuration.
- tokenName
The name of the token.
- cookieName
If defined, the name of the cookie to read the token from/write the token to.
- secureCookie
If using a cookie, whether it should be secure.
- httpOnlyCookie
If using a cookie, whether it should have the HTTP only flag.
- sameSiteCookie
If using a cookie, the cookie's SameSite attribute.
- postBodyBuffer
How much of the POST body should be buffered if checking the body for a token.
- signTokens
Whether tokens should be signed.
- checkMethod
Returns true if a request for that method should be checked.
- checkContentType
Returns true if a request for that content type should be checked.
- headerName
The name of the HTTP header to check for tokens from.
- shouldProtect
A function that decides based on the headers of the request if a check is needed.
- bypassCorsTrustedOrigins
Whether to bypass the CSRF check if the CORS filter trusts this origin
- class CSRFConfigProvider extends Provider[CSRFConfig]
- Annotations
- @Singleton()
- class CSRFFilter extends EssentialFilter
A filter that provides CSRF protection.
A filter that provides CSRF protection.
These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.
- class CSRFModule extends Module
The CSRF module.
Value Members
- object CSRF
- object CSRFConfig extends Serializable