Packages

trait CsrfTokenSupport extends AnyRef

Provides cross-site request forgery protection.

Adds a before filter. If a request is determined to be forged, the handleForgery() hook is invoked. Otherwise, a token for the next request is prepared with prepareCsrfToken.

Self Type
CsrfTokenSupport with ScalatraBase
Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. CsrfTokenSupport
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  6. def csrfKey: String

    The key used to store the token on the session, as well as the parameter of the request.

  7. def csrfToken(implicit request: HttpServletRequest): String

    Returns the token from the session.

    Returns the token from the session.

    Attributes
    protected[org.scalatra]
  8. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  9. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  10. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  11. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
  12. def handleForgery(): Unit

    Take an action when a forgery is detected.

    Take an action when a forgery is detected. The default action halts further request processing and returns a 403 HTTP status code.

    Attributes
    protected
  13. def hashCode(): Int
    Definition Classes
    AnyRef → Any
  14. def isForged: Boolean

    Tests whether a request with a unsafe method is a potential cross-site forgery.

    Tests whether a request with a unsafe method is a potential cross-site forgery.

    returns

    true if the request is an unsafe method (POST, PUT, DELETE, TRACE, CONNECT, PATCH) and the request parameter at csrfKey does not match the session key of the same name.

    Attributes
    protected
  15. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  16. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  17. final def notify(): Unit
    Definition Classes
    AnyRef
  18. final def notifyAll(): Unit
    Definition Classes
    AnyRef
  19. def prepareCsrfToken(): String

    Prepares a CSRF token.

    Prepares a CSRF token. The default implementation uses GenerateId and stores it on the session.

    Attributes
    protected
  20. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  21. def toString(): String
    Definition Classes
    AnyRef → Any
  22. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  23. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  24. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Deprecated Value Members

  1. def prepareCSRFToken(): String
    Attributes
    protected
    Annotations
    @deprecated
    Deprecated

    (Since version 2.0.0) Use prepareCsrfToken()

Inherited from AnyRef

Inherited from Any

Ungrouped