play.filters.csrf

Members list

Type members

Classlikes

object CSRF

Attributes

Supertypes
class Object
trait Matchable
class Any
Self type
CSRF.type
class CSRFAction(next: EssentialAction, config: CSRFConfig, tokenSigner: CSRFTokenSigner, tokenProvider: TokenProvider, sessionConfiguration: SessionConfiguration, errorHandler: => ErrorHandler)(implicit mat: Materializer) extends EssentialAction

An action that provides CSRF protection.

Value parameters

config

The CSRF configuration.

errorHandler

Handles failed token errors.

next

The composed action that is being protected.

tokenProvider

A token provider to use.

tokenSigner

The CSRF token signer.

Attributes

Supertypes
trait Handler
class Object
trait Matchable
class Any
class CSRFActionHelper(sessionConfiguration: SessionConfiguration, csrfConfig: CSRFConfig, tokenSigner: CSRFTokenSigner, tokenProvider: TokenProvider)

Attributes

Supertypes
class Object
trait Matchable
class Any
case class CSRFAddToken(config: CSRFConfig, crypto: CSRFTokenSigner, sessionConfiguration: SessionConfiguration)

CSRF add token action.

Apply this to all actions that render a form that contains a CSRF token.

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
case class CSRFCheck(config: CSRFConfig, tokenSigner: CSRFTokenSigner, sessionConfiguration: SessionConfiguration)

CSRF check action.

Apply this to all actions that require a CSRF check.

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any

The CSRF components.

Attributes

Supertypes
class Object
trait Matchable
class Any
Known subtypes
case class CSRFConfig(tokenName: String, cookieName: Option[String], secureCookie: Boolean, httpOnlyCookie: Boolean, sameSiteCookie: Option[SameSite], createIfNotFound: RequestHeader => Boolean, postBodyBuffer: Long, signTokens: Boolean, checkMethod: String => Boolean, checkContentType: (Option[String]) => Boolean, headerName: String, shouldProtect: RequestHeader => Boolean, bypassCorsTrustedOrigins: Boolean)

CSRF configuration.

Value parameters

bypassCorsTrustedOrigins

Whether to bypass the CSRF check if the CORS filter trusts this origin.

checkContentType

Returns true if a request for that content type should be checked.

checkMethod

Returns true if a request for that method should be checked.

cookieName

If defined, the name of the cookie to read the token from/write the token to.

headerName

The name of the HTTP header to check for tokens from.

httpOnlyCookie

If using a cookie, whether it should have the HTTP only flag.

postBodyBuffer

How much of the POST body should be buffered if checking the body for a token.

sameSiteCookie

If using a cookie, the cookie's SameSite attribute.

secureCookie

If using a cookie, whether it should be secure.

shouldProtect

A function that decides based on the headers of the request if a check is needed.

signTokens

Whether tokens should be signed.

tokenName

The name of the token.

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object CSRFConfig

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
CSRFConfig.type
@Singleton
class CSRFConfigProvider(config: Configuration) extends Provider[CSRFConfig]

Attributes

Supertypes
trait Provider[CSRFConfig]
class Object
trait Matchable
class Any
class CSRFFilter(config: => CSRFConfig, tokenSigner: => CSRFTokenSigner, sessionConfiguration: => SessionConfiguration, val tokenProvider: TokenProvider, val errorHandler: ErrorHandler)(implicit mat: Materializer) extends EssentialFilter

A filter that provides CSRF protection.

These must be by-name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by-name.

Value parameters

config

A CSRF configuration object.

errorHandler

Handles failed token errors.

tokenProvider

A token provider to use.

tokenSigner

The CSRF token signer.

Attributes

Supertypes
class Object
trait Matchable
class Any
class CSRFModule extends Module

The CSRF module.

Attributes

Supertypes
class Module
class Object
trait Matchable
class Any