Package io.quarkus.csrf.reactive.runtime
Class CsrfReactiveConfig
- java.lang.Object
  - io.quarkus.csrf.reactive.runtime.CsrfReactiveConfig
-
@ConfigRoot(phase=RUN_TIME) public class CsrfReactiveConfig extends Object
Runtime configuration for CSRF Reactive Filter.
-
Field Summary
Fields

| Modifier and Type | Field | Description |
|---|---|---|
| Optional<String> | cookieDomain | CSRF cookie domain. |
| boolean | cookieForceSecure | If enabled the CSRF cookie will have its 'secure' parameter set to 'true' when HTTP is used. |
| Duration | cookieMaxAge | CSRF cookie max age. |
| String | cookieName | CSRF cookie name. |
| String | cookiePath | CSRF cookie path. |
| Optional<Set<String>> | createTokenPath | Create CSRF token only if the HTTP GET relative request path matches one of the paths configured with this property. |
| String | formFieldName | Form field name which keeps a CSRF token. |
| boolean | requireFormUrlEncoded | Require that only 'application/x-www-form-urlencoded' or 'multipart/form-data' body is accepted for the token verification to proceed. |
| Optional<String> | tokenSignatureKey | CSRF token HMAC signature key, if this key is set then it must be at least 32 characters long. |
| int | tokenSize | Random CSRF token size in bytes. |
| boolean | verifyToken | Verify CSRF token in the CSRF filter. |
-
Constructor Summary
Constructors

| Constructor | Description |
|---|---|
| CsrfReactiveConfig() | |
-
Field Detail
-
formFieldName
@ConfigItem(defaultValue="csrf-token") public String formFieldName
Form field name which keeps a CSRF token.
-
cookieName
@ConfigItem(defaultValue="csrf-token") public String cookieName
CSRF cookie name.
-
cookieMaxAge
@ConfigItem(defaultValue="10M") public Duration cookieMaxAge
CSRF cookie max age.
-
cookiePath
@ConfigItem(defaultValue="/") public String cookiePath
CSRF cookie path.
-
cookieDomain
@ConfigItem public Optional<String> cookieDomain
CSRF cookie domain.
-
cookieForceSecure
@ConfigItem(defaultValue="false") public boolean cookieForceSecure
If enabled the CSRF cookie will have its 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookie will always be secure if HTTPS is used even if this property is set to false.
-
createTokenPath
@ConfigItem public Optional<Set<String>> createTokenPath
Create CSRF token only if the HTTP GET relative request path matches one of the paths configured with this property. Use a comma to separate multiple path values.
-
tokenSize
@ConfigItem(defaultValue="16") public int tokenSize
Random CSRF token size in bytes.
-
tokenSignatureKey
@ConfigItem public Optional<String> tokenSignatureKey
CSRF token HMAC signature key. If this key is set, it must be at least 32 characters long.
-
verifyToken
@ConfigItem(defaultValue="true") public boolean verifyToken
Verify CSRF token in the CSRF filter. If this property is enabled then the input stream will be read and cached by the CSRF filter to verify the token. If you prefer then you can disable this property and compare CSRF form and cookie parameters in the application code using JAX-RS javax.ws.rs.FormParam which refers to the formFieldName form property and javax.ws.rs.CookieParam which refers to the cookieName cookie. Note that even if the CSRF token verification in the CSRF filter is disabled, the filter will still perform checks to ensure the token is available, has the correct tokenSize in bytes and that the Content-Type HTTP header is either 'application/x-www-form-urlencoded' or 'multipart/form-data'.
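The application-side comparison described above, as an added example that is not part of the Quarkus documentation or code base. It assumes verifyToken is disabled, formFieldName and cookieName keep their default "csrf-token", and tokenSignatureKey is not set, so the form and cookie values are expected to be identical; the resource class, its path and the "name" field are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

import javax.ws.rs.Consumes;
import javax.ws.rs.CookieParam;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

// Hypothetical resource: class name, path and the "name" field are illustrative only.
@Path("/profile")
public class ProfileResource {

    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response update(
            // "csrf-token" is the default of both formFieldName and cookieName;
            // keep these literals in sync if either property is overridden.
            @FormParam("csrf-token") String formToken,
            @CookieParam("csrf-token") String cookieToken,
            @FormParam("name") String name) {

        // Reject before touching any state if the two copies do not match.
        if (!tokensMatch(formToken, cookieToken)) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // ... perform the state-changing operation with 'name' here ...
        return Response.ok().build();
    }

    // Fails closed: a missing or empty value on either side never matches.
    static boolean tokensMatch(String formToken, String cookieToken) {
        if (formToken == null || cookieToken == null
                || formToken.isEmpty() || cookieToken.isEmpty()) {
            return false;
        }
        // MessageDigest.isEqual keeps the comparison time independent of
        // the position at which the two values first differ.
        return MessageDigest.isEqual(
                formToken.getBytes(StandardCharsets.UTF_8),
                cookieToken.getBytes(StandardCharsets.UTF_8));
    }
}
```

Every state-changing endpoint needs the same check once the filter no longer verifies the token, so in practice the comparison belongs in shared code rather than in each resource method.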
-
requireFormUrlEncoded
@ConfigItem(defaultValue="true") public boolean requireFormUrlEncoded
Require that only 'application/x-www-form-urlencoded' or 'multipart/form-data' body is accepted for the token verification to proceed. Disable this property for the CSRF filter to avoid verifying the token for POST requests with other content types. This property is only effective if the verifyToken property is enabled.
-