This handler adds a CSRF token to requests which mutate state. In order to change the state, a cookie (XSRF-TOKEN) is set with a unique token, which is expected to be sent back in a header (X-XSRF-TOKEN).

The behavior is to check the request body header and cookie for validity.

This handler requires session support, so it should be added somewhere below the Session and Body handlers.
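The cookie/header check described above can be sketched as follows. This is an added example, not the handler's own code: the token format (salt.timestamp.signature), the HMAC-SHA256 signing, the set of safe methods, and the names `issue_token` and `check_request` are assumptions made for illustration; only the default cookie and header names come from this page.

```python
import base64, hashlib, hmac, secrets, time

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: methods that do not mutate state

def _sign(secret, payload):
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=").decode()

def issue_token(secret, now=None):
    """Build the cookie value: salt.timestamp.signature (assumed format)."""
    ts = int(time.time() if now is None else now)
    payload = f"{secrets.token_urlsafe(16)}.{ts}"
    return f"{payload}.{_sign(secret, payload)}"

def check_request(secret, method, cookies, headers, timeout_s, now=None,
                  cookie_name="XSRF-TOKEN", header_name="X-XSRF-TOKEN"):
    """Return (allowed, reason) for one request.

    cookies and headers are plain dicts here; a real server must look
    header names up case-insensitively.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    cookie = cookies.get(cookie_name)
    header = headers.get(header_name)
    if not cookie or not header:
        return False, "token missing"
    # The header must echo the cookie; compare in constant time.
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "header/cookie mismatch"
    parts = header.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    salt, ts, sig = parts
    # A value the server did not sign is rejected even if cookie and header agree.
    expected = _sign(secret, f"{salt}.{ts}")
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    now = time.time() if now is None else now
    if not ts.isdigit() or now - int(ts) > timeout_s:
        return False, "token expired"
    return True, "ok"
```

The `timeout_s`, `cookie_name` and `header_name` parameters play the roles of the values configured through setTimeout, setCookieName and setHeaderName.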

no subtypes hierarchy

Initializer
CSRFHandler(CSRFHandler unknown)
Inherited Attributes
Attributes inherited from: Object
hash, string
Methods
handle
shared default void handle(RoutingContext arg0)

setCookieName
shared default CSRFHandler setCookieName(String name)

Set the cookie name. By default XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.

Parameters:
  • name

    a new name for the cookie.

setCookiePath
shared default CSRFHandler setCookiePath(String path)

Set the cookie path. By default / is used.

Parameters:
  • path

    a new path for the cookie.

setHeaderName
shared default CSRFHandler setHeaderName(String name)

Set the header name. By default X-XSRF-TOKEN is used, as it is the name expected by AngularJS; however, other frameworks might use other names.

Parameters:
  • name

    a new name for the header.

setNagHttps
shared default CSRFHandler setNagHttps(Boolean nag)

Should the handler give warning messages if it is used over protocols other than HTTPS?

Parameters:
  • nag

    true to nag

setResponseBody
shared default CSRFHandler setResponseBody(String responseBody)

Set the body returned by the handler when the XSRF token is missing or invalid.

Parameters:
  • responseBody

    the body of the response. If null, no response body will be returned.

setTimeout
shared default CSRFHandler setTimeout(Integer timeout)

Set the timeout for tokens generated by the handler. By default it uses the default from the session handler.

Parameters:
  • timeout

    token timeout

Inherited Methods
Methods inherited from: Object
equals