Type Members

1.  class CSRFAction extends EssentialAction

   An action that provides CSRF protection.

2.  class CSRFActionHelper extends AnyRef
3.  case class CSRFAddToken(config: CSRFConfig, crypto: CSRFTokenSigner, sessionConfiguration: SessionConfiguration) extends Product with Serializable

   CSRF add token action.

   CSRF add token action.

   Apply this to all actions that render a form that contains a CSRF token.

4.  case class CSRFCheck(config: CSRFConfig, tokenSigner: CSRFTokenSigner, sessionConfiguration: SessionConfiguration) extends Product with Serializable

   CSRF check action.

   CSRF check action.

   Apply this to all actions that require a CSRF check.

5.  trait CSRFComponents extends AnyRef

   The CSRF components.

6.  case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) => Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) => Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) => Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) => Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable

   CSRF configuration.

   CSRF configuration.

   tokenName

   The name of the token.

   cookieName

   If defined, the name of the cookie to read the token from/write the token to.

   secureCookie

   If using a cookie, whether it should be secure.

   httpOnlyCookie

   If using a cookie, whether it should have the HTTP only flag.

   sameSiteCookie

   If using a cookie, the cookie's SameSite attribute.

   postBodyBuffer

   How much of the POST body should be buffered if checking the body for a token.

   signTokens

   Whether tokens should be signed.

   checkMethod

   Returns true if a request for that method should be checked.

   checkContentType

   Returns true if a request for that content type should be checked.

   headerName

   The name of the HTTP header to check for tokens from.

   shouldProtect

   A function that decides based on the headers of the request if a check is needed.

   bypassCorsTrustedOrigins

   Whether to bypass the CSRF check if the CORS filter trusts this origin

7.  class CSRFConfigProvider extends Provider[CSRFConfig]

   Annotations

   @Singleton()

8.  class CSRFFilter extends EssentialFilter

   A filter that provides CSRF protection.

   A filter that provides CSRF protection.

   These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.

9.  class CSRFModule extends Module

   The CSRF module.