play.filters.csrf
Members list
Type members
Classlikes
An action that provides CSRF protection.
An action that provides CSRF protection.
Value parameters
- config
-
The CSRF configuration.
- errorHandler
-
handling failed token error.
- next
-
The composed action that is being protected.
- tokenProvider
-
A token provider to use.
- tokenSigner
-
The CSRF token signer.
Attributes
- Supertypes
Attributes
- Supertypes
-
class Objecttrait Matchableclass Any
The CSRF components.
The CSRF components.
Attributes
- Supertypes
-
class Objecttrait Matchableclass Any
- Known subtypes
-
trait HttpFiltersComponents
CSRF configuration.
CSRF configuration.
Value parameters
- bypassCorsTrustedOrigins
-
Whether to bypass the CSRF check if the CORS filter trusts this origin
- checkContentType
-
Returns true if a request for that content type should be checked.
- checkMethod
-
Returns true if a request for that method should be checked.
- cookieName
-
If defined, the name of the cookie to read the token from/write the token to.
- headerName
-
The name of the HTTP header to check for tokens from.
- httpOnlyCookie
-
If using a cookie, whether it should have the HTTP only flag.
- postBodyBuffer
-
How much of the POST body should be buffered if checking the body for a token.
- sameSiteCookie
-
If using a cookie, the cookie's SameSite attribute.
- secureCookie
-
If using a cookie, whether it should be secure.
- shouldProtect
-
A function that decides based on the headers of the request if a check is needed.
- signTokens
-
Whether tokens should be signed.
- tokenName
-
The name of the token.
Attributes
- Companion
- object
- Supertypes
Attributes
- Companion
- class
- Supertypes
- Self type
-
CSRFConfig.type
Attributes
- Supertypes
A filter that provides CSRF protection.
A filter that provides CSRF protection.
These must be by name parameters because the typical use case for instantiating the filter is in Global, which happens before the application is started. Since the default values for the parameters are loaded from config and hence depend on a started application, they must be by name.
Value parameters
- config
-
A csrf configuration object
- errorHandler
-
handling failed token error.
- tokenProvider
-
A token provider to use.
- tokenSigner
-
the CSRF token signer.
Attributes
- Supertypes
The CSRF module.