org.scalatra

CsrfTokenSupport

trait CsrfTokenSupport extends AnyRef

Provides cross-site request forgery protection.

Adds a before filter. If a request is determined to be forged, the handleForgery() hook is invoked. Otherwise, a token for the next request is prepared with prepareCsrfToken.

Self Type
CsrfTokenSupport with ScalatraBase
Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. CsrfTokenSupport
  2. AnyRef
  3. Any
  1. Hide All
  2. Show all
Learn more about member selection
Visibility
  1. Public
  2. All

Value Members

  1. final def !=(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  2. final def ##(): Int

    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0

    Definition Classes
    Any
  5. def clone(): AnyRef

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  6. def csrfKey: String

    The key used to store the token on the session, as well as the parameter of the request.

  7. def csrfToken(implicit request: HttpServletRequest): String

    Returns the token from the session.

    Returns the token from the session.

    Attributes
    protected[org.scalatra]
  8. final def eq(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  9. def equals(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any
  10. def finalize(): Unit

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  11. final def getClass(): Class[_]

    Definition Classes
    AnyRef → Any
  12. def handleForgery(): Unit

    Take an action when a forgery is detected.

    Take an action when a forgery is detected. The default action halts further request processing and returns a 403 HTTP status code.

    Attributes
    protected
  13. def hashCode(): Int

    Definition Classes
    AnyRef → Any
  14. def isForged: Boolean

    Tests whether a request with a unsafe method is a potential cross-site forgery.

    Tests whether a request with a unsafe method is a potential cross-site forgery.

    returns

    true if the request is an unsafe method (POST, PUT, DELETE, TRACE, CONNECT, PATCH) and the request parameter at csrfKey does not match the session key of the same name.

    Attributes
    protected
  15. final def isInstanceOf[T0]: Boolean

    Definition Classes
    Any
  16. final def ne(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef
  17. final def notify(): Unit

    Definition Classes
    AnyRef
  18. final def notifyAll(): Unit

    Definition Classes
    AnyRef
  19. def prepareCsrfToken(): Any

    Prepares a CSRF token.

    Prepares a CSRF token. The default implementation uses GenerateId and stores it on the session.

    Attributes
    protected
  20. final def synchronized[T0](arg0: ⇒ T0): T0

    Definition Classes
    AnyRef
  21. def toString(): String

    Definition Classes
    AnyRef → Any
  22. final def wait(): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  23. final def wait(arg0: Long, arg1: Int): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  24. final def wait(arg0: Long): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Deprecated Value Members

  1. def prepareCSRFToken(): Any

    Attributes
    protected
    Annotations
    @deprecated
    Deprecated

    (Since version 2.0.0) Use prepareCsrfToken()

Inherited from AnyRef

Inherited from Any

Ungrouped