Package io.vertx.rxjava3.ext.web.handler
Class CSRFHandler
- java.lang.Object
-
- io.vertx.rxjava3.ext.web.handler.CSRFHandler
-
- All Implemented Interfaces:
Handler<RoutingContext>,io.vertx.lang.rx.RxDelegate,InputTrustHandler
public class CSRFHandler extends Object implements io.vertx.lang.rx.RxDelegate, InputTrustHandler, Handler<RoutingContext>
This handler adds a CSRF token to requests which mutate state. In order change the state a (XSRF-TOKEN) cookie is set with a unique token, that is expected to be sent back in a (X-XSRF-TOKEN) header. The behavior is to check the request body header and cookie for validity. This Handler requires session support, thus should be added somewhere below Session and Body handlers.NOTE: This class has been automatically generated from the
originalnon RX-ified interface using Vert.x codegen.
-
-
Field Summary
Fields Modifier and Type Field Description static io.vertx.lang.rx.TypeArg<CSRFHandler>__TYPE_ARGstatic StringDEFAULT_COOKIE_NAMEstatic StringDEFAULT_COOKIE_PATHstatic StringDEFAULT_HEADER_NAME
-
Constructor Summary
Constructors Constructor Description CSRFHandler(CSRFHandler delegate)CSRFHandler(Object delegate)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static CSRFHandlercreate(Vertx vertx, String secret)Instantiate a new CSRFHandlerImpl with a secretbooleanequals(Object o)CSRFHandlergetDelegate()voidhandle(RoutingContext event)Something has happened, so handle it.inthashCode()static CSRFHandlernewInstance(CSRFHandler arg)CSRFHandlersetCookieHttpOnly(boolean httpOnly)Set the cookiehttpOnlyattribute.CSRFHandlersetCookieName(String name)Set the cookie name.CSRFHandlersetCookiePath(String path)Set the cookie path.CSRFHandlersetCookieSecure(boolean secure)Sets the cookiesecureflag.CSRFHandlersetHeaderName(String name)Set the header name.CSRFHandlersetNagHttps(boolean nag)Should the handler give warning messages if this handler is used in other than https protocols?CSRFHandlersetOrigin(String origin)Set the origin for this server.CSRFHandlersetTimeout(long timeout)Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.StringtoString()
-
-
-
Field Detail
-
__TYPE_ARG
public static final io.vertx.lang.rx.TypeArg<CSRFHandler> __TYPE_ARG
-
DEFAULT_COOKIE_NAME
public static final String DEFAULT_COOKIE_NAME
- See Also:
- Constant Field Values
-
DEFAULT_COOKIE_PATH
public static final String DEFAULT_COOKIE_PATH
- See Also:
- Constant Field Values
-
DEFAULT_HEADER_NAME
public static final String DEFAULT_HEADER_NAME
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CSRFHandler
public CSRFHandler(CSRFHandler delegate)
-
CSRFHandler
public CSRFHandler(Object delegate)
-
-
Method Detail
-
getDelegate
public CSRFHandler getDelegate()
- Specified by:
getDelegatein interfaceInputTrustHandler- Specified by:
getDelegatein interfaceio.vertx.lang.rx.RxDelegate
-
handle
public void handle(RoutingContext event)
Something has happened, so handle it.- Specified by:
handlein interfaceHandler<RoutingContext>- Specified by:
handlein interfaceInputTrustHandler- Parameters:
event- the event to handle
-
create
public static CSRFHandler create(Vertx vertx, String secret)
Instantiate a new CSRFHandlerImpl with a secretCSRFHandler.create("s3cr37")- Parameters:
vertx-secret- server secret to sign the token.- Returns:
-
setOrigin
public CSRFHandler setOrigin(String origin)
Set the origin for this server. When this value is set, extra validation will occur. The request must match the origin server, port and protocol.- Parameters:
origin- the origin for this server e.g.:https://www.foo.com.- Returns:
- fluent
-
setCookieName
public CSRFHandler setCookieName(String name)
Set the cookie name. By default XSRF-TOKEN is used as it is the expected name by AngularJS however other frameworks might use other names.- Parameters:
name- a new name for the cookie.- Returns:
- fluent
-
setCookiePath
public CSRFHandler setCookiePath(String path)
Set the cookie path. By default / is used.- Parameters:
path- a new path for the cookie.- Returns:
- fluent
-
setCookieHttpOnly
public CSRFHandler setCookieHttpOnly(boolean httpOnly)
Set the cookiehttpOnlyattribute. When setting tofalsethe CSRF handler will behave in Double Submit Cookie mode. When set totruethen it will operate in Cookie-to-header mode. For more information https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie- Parameters:
httpOnly- a new name for the header.- Returns:
- fluent
-
setCookieSecure
public CSRFHandler setCookieSecure(boolean secure)
Sets the cookiesecureflag. When set this flag instructs browsers to only send the cookie over HTTPS.- Parameters:
secure- true to set the secure flag on the cookie- Returns:
- a reference to this, so the API can be used fluently
-
setHeaderName
public CSRFHandler setHeaderName(String name)
Set the header name. By default X-XSRF-TOKEN is used as it is the expected name by AngularJS however other frameworks might use other names.- Parameters:
name- a new name for the header.- Returns:
- fluent
-
setNagHttps
public CSRFHandler setNagHttps(boolean nag)
Should the handler give warning messages if this handler is used in other than https protocols?- Parameters:
nag- true to nag- Returns:
- fluent
-
setTimeout
public CSRFHandler setTimeout(long timeout)
Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.- Parameters:
timeout- token timeout- Returns:
- fluent
-
newInstance
public static CSRFHandler newInstance(CSRFHandler arg)
-
-