object CSRF
- Companion:
- class
Type members
Classlikes
Value members
Concrete methods
def apply[F[_] : Async, G[_] : Applicative](key: ByteVector, headerCheck: Request[G] => Boolean): CSRFBuilder[F, G]
Build a new HMACSHA1 Key for our CSRF Middleware
from key bytes. This operation is unsafe, in that
any amount less than 20 bytes will throw an exception when loaded
into Mac
. Any keys larger than 64 bytes are just hashed.
Build a new HMACSHA1 Key for our CSRF Middleware
from key bytes. This operation is unsafe, in that
any amount less than 20 bytes will throw an exception when loaded
into Mac
. Any keys larger than 64 bytes are just hashed.
For more information, refer to: https://datatracker.ietf.org/doc/html/rfc2104#section-3
Use for loading a key from a config file, after having generated one safely
def checkCSRFinHeaderAndForm[F[_], G[_] : Concurrent](fieldName: String, nt: FunctionK[G, F])(implicit evidence$13: Concurrent[G], F: Async[F]): CSRF[F, G] => F => G
Uri.fromString(o.head.value)match{
caseRight(uri)=>
Some.apply[Uri](uri)
caseLeft(_)=>
None
})).exists(((u:Uri)=>u.host.exists(((_$45:Host)=>_$45.value.==(host))).&&(u.scheme.contains[Scheme](sc)).&&(u.port.==(port)))).||(r.headers.get[Referer](singleHeaders[Referer](headerInstance)).exists(((`u₂`:Referer)=>`u₂`.uri.host.exists(((_$46:Host)=>_$46.value.==(host))).&&(`u₂`.uri.scheme.contains[Scheme](sc)).&&(`u₂`.uri.port.==(port)))))" class="documentableAnchor">
def Uri.fromString(o.head.value)match{
caseRight(uri)=>
Some.apply[Uri](uri)
caseLeft(_)=>
None
})).exists(((u:Uri)=>u.host.exists(((_$45:Host)=>_$45.value.==(host))).&&(u.scheme.contains[Scheme](sc)).&&(u.port.==(port)))).||(r.headers.get[Referer](singleHeaders[Referer](headerInstance)).exists(((`u₂`:Referer)=>`u₂`.uri.host.exists(((_$46:Host)=>_$46.value.==(host))).&&(`u₂`.uri.scheme.contains[Scheme](sc)).&&(`u₂`.uri.port.==(port)))))" class="documentableName ">defaultOriginCheck[F[_]](r: Request[F], host: String, sc: Scheme, port: Option[Int]): Boolean
Check origin matches our proposed origin.
Check origin matches our proposed origin.
def withDefaultOriginCheck[F[_] : Async, G[_] : Applicative](key: ByteVector, host: String, scheme: Scheme, port: Option[Int]): CSRFBuilder[F, G]
def withDefaultOriginCheckFormAware[F[_] : Async, G[_] : Concurrent](fieldName: String, nt: FunctionK[G, F])(key: ByteVector, host: String, scheme: Scheme, port: Option[Int]): CSRFBuilder[F, G]
def withGeneratedKey[F[_] : Async, G[_] : Applicative](headerCheck: Request[G] => Boolean): F[CSRFBuilder[F, G]]
def withKeyBytes[F[_] : Async, G[_] : Applicative](keyBytes: Array[Byte], headerCheck: Request[G] => Boolean): F[CSRFBuilder[F, G]]