org.scalatra

CsrfTokenSupport

trait CsrfTokenSupport extends AnyRef

Provides cross-site request forgery protection.

Adds a before filter. If a request is determined to be forged, the handleForgery() hook is invoked. Otherwise, a token for the next request is prepared with prepareCsrfToken.

Self Type
CsrfTokenSupport with ScalatraBase with SessionSupport
Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. Hide All
  2. Show all
  1. CsrfTokenSupport
  2. AnyRef
  3. Any
Visibility
  1. Public
  2. All

Value Members

  1. final def !=(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  2. final def !=(arg0: Any): Boolean

    Definition Classes
    Any
  3. final def ##(): Int

    Definition Classes
    AnyRef → Any
  4. final def ==(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  5. final def ==(arg0: Any): Boolean

    Definition Classes
    Any
  6. final def asInstanceOf[T0]: T0

    Definition Classes
    Any
  7. def clone(): AnyRef

    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws()
  8. def csrfKey: String

    The key used to store the token on the session, as well as the parameter of the request.

    The key used to store the token on the session, as well as the parameter of the request.

    Attributes
    protected
  9. def csrfToken: String

    Returns the token from the session.

    Returns the token from the session.

    Attributes
    protected
  10. final def eq(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  11. def equals(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  12. def finalize(): Unit

    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws()
  13. final def getClass(): java.lang.Class[_]

    Definition Classes
    AnyRef → Any
  14. def handleForgery(): Unit

    Take an action when a forgery is detected.

    Take an action when a forgery is detected. The default action halts further request processing and returns a 403 HTTP status code.

    Attributes
    protected
  15. def hashCode(): Int

    Definition Classes
    AnyRef → Any
  16. def isForged: Boolean

    Tests whether a request with a unsafe method is a potential cross-site forgery.

    Tests whether a request with a unsafe method is a potential cross-site forgery.

    returns

    true if the request is an unsafe method (POST, PUT, DELETE, TRACE, CONNECT, PATCH) and the request parameter at csrfKey does not match the session key of the same name.

    Attributes
    protected
  17. final def isInstanceOf[T0]: Boolean

    Definition Classes
    Any
  18. final def ne(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  19. final def notify(): Unit

    Definition Classes
    AnyRef
  20. final def notifyAll(): Unit

    Definition Classes
    AnyRef
  21. def prepareCsrfToken(): AnyRef

    Prepares a CSRF token.

    Prepares a CSRF token. The default implementation uses GenerateId and stores it on the session.

    Attributes
    protected
  22. final def synchronized[T0](arg0: ⇒ T0): T0

    Definition Classes
    AnyRef
  23. def toString(): String

    Definition Classes
    AnyRef → Any
  24. final def wait(): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws()
  25. final def wait(arg0: Long, arg1: Int): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws()
  26. final def wait(arg0: Long): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws()

Deprecated Value Members

  1. def prepareCSRFToken(): AnyRef

    Attributes
    protected
    Annotations
    @deprecated
    Deprecated

    (Since version 2.0.0) Use prepareCsrfToken()

Inherited from AnyRef

Inherited from Any