Package io.vertx.reactivex.ext.web.handler

Class CSRFHandler

  • All Implemented Interfaces:
    Handler<RoutingContext>, InputTrustHandler
    public class CSRFHandler
extends Object
implements InputTrustHandler, Handler<RoutingContext>
    This handler adds a CSRF token to requests which mutate state. In order change the state a (XSRF-TOKEN) cookie is set with a unique token, that is expected to be sent back in a (X-XSRF-TOKEN) header. The behavior is to check the request body header and cookie for validity. This Handler requires session support, thus should be added somewhere below Session and Body handlers.

    NOTE: This class has been automatically generated from the original non RX-ified interface using Vert.x codegen.

    • Constructor Detail

      • CSRFHandler

        public CSRFHandler​(CSRFHandler delegate)

      • CSRFHandler

        public CSRFHandler​(Object delegate)

    • Method Detail

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object

      • create

        public static CSRFHandler create​(Vertx vertx,
                                 String secret)
        Instantiate a new CSRFHandlerImpl with a secret 

         CSRFHandler.create("s3cr37")
        Parameters:
        vertx -
        secret - server secret to sign the token.
        Returns:

      • setOrigin

        public CSRFHandler setOrigin​(String origin)
        Set the origin for this server. When this value is set, extra validation will occur. The request must match the origin server, port and protocol.
        Parameters:
        origin - the origin for this server e.g.: https://www.foo.com.
        Returns:
        fluent

      • setCookieName

        public CSRFHandler setCookieName​(String name)
        Set the cookie name. By default XSRF-TOKEN is used as it is the expected name by AngularJS however other frameworks might use other names.
        Parameters:
        name - a new name for the cookie.
        Returns:
        fluent

      • setCookiePath

        public CSRFHandler setCookiePath​(String path)
        Set the cookie path. By default / is used.
        Parameters:
        path - a new path for the cookie.
        Returns:
        fluent

      • setCookieSecure

        public CSRFHandler setCookieSecure​(boolean secure)
        Sets the cookie secure flag. When set this flag instructs browsers to only send the cookie over HTTPS.
        Parameters:
        secure - true to set the secure flag on the cookie
        Returns:
        a reference to this, so the API can be used fluently

      • setHeaderName

        public CSRFHandler setHeaderName​(String name)
        Set the header name. By default X-XSRF-TOKEN is used as it is the expected name by AngularJS however other frameworks might use other names.
        Parameters:
        name - a new name for the header.
        Returns:
        fluent

      • setNagHttps

        public CSRFHandler setNagHttps​(boolean nag)
        Should the handler give warning messages if this handler is used in other than https protocols?
        Parameters:
        nag - true to nag
        Returns:
        fluent

      • setTimeout

        public CSRFHandler setTimeout​(long timeout)
        Set the timeout for tokens generated by the handler, by default it uses the default from the session handler.
        Parameters:
        timeout - token timeout
        Returns:
        fluent