case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) => Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) => Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) => Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) => Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true) extends Product with Serializable
CSRF configuration.
- tokenName
The name of the token.
- cookieName
If defined, the name of the cookie to read the token from/write the token to.
- secureCookie
If using a cookie, whether it should carry the Secure attribute, so that browsers send it only over HTTPS. The constructor default is false.
- httpOnlyCookie
If using a cookie, whether it should carry the HttpOnly attribute, which keeps the cookie out of reach of client-side script. The constructor default is false.
- sameSiteCookie
If using a cookie, the cookie's SameSite attribute.
- postBodyBuffer
How much of the POST body should be buffered if checking the body for a token.
- signTokens
Whether tokens should be signed.
- checkMethod
Returns true if a request for that method should be checked.
- checkContentType
Returns true if a request for that content type should be checked.
- headerName
The name of the HTTP header to check for tokens from.
- shouldProtect
A function that decides based on the headers of the request if a check is needed.
- bypassCorsTrustedOrigins
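Whether to bypass the CSRF check if the CORS filter trusts this origin. The constructor default is true, so requests from origins the CORS filter trusts skip the token check unless this is set to false; the CORS trusted-origin list is then part of the CSRF trust boundary.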
- Source
- csrf.scala
Instance Constructors
- new CSRFConfig()
- new CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, sameSiteCookie: Option[SameSite] = Some(SameSite.Lax), createIfNotFound: (RequestHeader) => Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) => Boolean = !CSRFConfig.SafeMethods.contains(_), checkContentType: (Option[String]) => Boolean = _ => true, headerName: String = "Csrf-Token", shouldProtect: (RequestHeader) => Boolean = _ => false, bypassCorsTrustedOrigins: Boolean = true)
- tokenName
The name of the token.
- cookieName
If defined, the name of the cookie to read the token from/write the token to.
- secureCookie
If using a cookie, whether it should carry the Secure attribute, so that browsers send it only over HTTPS. The constructor default is false.
- httpOnlyCookie
If using a cookie, whether it should carry the HttpOnly attribute, which keeps the cookie out of reach of client-side script. The constructor default is false.
- sameSiteCookie
If using a cookie, the cookie's SameSite attribute.
- postBodyBuffer
How much of the POST body should be buffered if checking the body for a token.
- signTokens
Whether tokens should be signed.
- checkMethod
Returns true if a request for that method should be checked.
- checkContentType
Returns true if a request for that content type should be checked.
- headerName
The name of the HTTP header to check for tokens from.
- shouldProtect
A function that decides based on the headers of the request if a check is needed.
- bypassCorsTrustedOrigins
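Whether to bypass the CSRF check if the CORS filter trusts this origin. The constructor default is true, so requests from origins the CORS filter trusts skip the token check unless this is set to false.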
Value Members
- final def !=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def ##: Int
- Definition Classes
- AnyRef → Any
- final def ==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
- final def asInstanceOf[T0]: T0
- Definition Classes
- Any
- val bypassCorsTrustedOrigins: Boolean
- val checkContentType: (Option[String]) => Boolean
- val checkMethod: (String) => Boolean
- def clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.CloneNotSupportedException]) @HotSpotIntrinsicCandidate() @native()
- val cookieName: Option[String]
- val createIfNotFound: (RequestHeader) => Boolean
- final def eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def getClass(): Class[_ <: AnyRef]
- Definition Classes
- AnyRef → Any
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- val headerName: String
- val httpOnlyCookie: Boolean
- final def isInstanceOf[T0]: Boolean
- Definition Classes
- Any
- final def ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
- final def notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- final def notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @HotSpotIntrinsicCandidate() @native()
- val postBodyBuffer: Long
- def productElementNames: Iterator[String]
- Definition Classes
- Product
- val sameSiteCookie: Option[SameSite]
- val secureCookie: Boolean
- val shouldProtect: (RequestHeader) => Boolean
- val signTokens: Boolean
- final def synchronized[T0](arg0: => T0): T0
- Definition Classes
- AnyRef
- val tokenName: String
- final def wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- final def wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException]) @native()
- final def wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.InterruptedException])
- def withBypassCorsTrustedOrigins(bypass: Boolean): CSRFConfig
- def withContentTypes(checkContentType: Predicate[Optional[String]]): CSRFConfig
- def withCookieName(cookieName: Optional[String]): CSRFConfig
- def withCreateIfNotFound(pred: Predicate[RequestHeader]): CSRFConfig
- def withHeaderName(headerName: String): CSRFConfig
- def withHttpOnlyCookie(isHttpOnly: Boolean): CSRFConfig
- def withMethods(checkMethod: Predicate[String]): CSRFConfig
- def withPostBodyBuffer(bufsize: Long): CSRFConfig
- def withSameSiteCookie(sameSite: Option[SameSite]): CSRFConfig
- def withSecureCookie(isSecure: Boolean): CSRFConfig
- def withShouldProtect(shouldProtect: Predicate[RequestHeader]): CSRFConfig
- def withSignTokens(signTokens: Boolean): CSRFConfig
- def withTokenName(tokenName: String): CSRFConfig
Deprecated Value Members
- def finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws(classOf[java.lang.Throwable]) @Deprecated
- Deprecated
(Since version 9)