Class/Object

play.filters.csrf

CSRFConfig

Related Docs: object CSRFConfig | package csrf

Permalink

case class CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = CSRFConfig.UnsafeMethods, checkContentType: (Option[String]) ⇒ Boolean = ..., headerName: String = "Csrf-Token", headerBypass: Boolean = true) extends Product with Serializable

CSRF configuration.

tokenName

The name of the token.

cookieName

If defined, the name of the cookie to read the token from/write the token to.

secureCookie

If using a cookie, whether it should be secure.

httpOnlyCookie

If using a cookie, whether it should have the HTTP only flag.

postBodyBuffer

How much of the POST body should be buffered if checking the body for a token.

signTokens

Whether tokens should be signed.

checkMethod

Returns true if a request for that method should be checked.

checkContentType

Returns true if a request for that content type should be checked.

headerName

The name of the HTTP header to check for tokens from.

headerBypass

Whether CSRF check can be bypassed by the presence of certain headers, such as X-Requested-By.

Source
csrf.scala
Linear Supertypes
Serializable, Serializable, Product, Equals, AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. CSRFConfig
  2. Serializable
  3. Serializable
  4. Product
  5. Equals
  6. AnyRef
  7. Any
  1. Hide All
  2. Show all
Visibility
  1. Public
  2. All

Instance Constructors

  1. new CSRFConfig(tokenName: String = "csrfToken", cookieName: Option[String] = None, secureCookie: Boolean = false, httpOnlyCookie: Boolean = false, createIfNotFound: (RequestHeader) ⇒ Boolean = CSRFConfig.defaultCreateIfNotFound, postBodyBuffer: Long = 102400, signTokens: Boolean = true, checkMethod: (String) ⇒ Boolean = CSRFConfig.UnsafeMethods, checkContentType: (Option[String]) ⇒ Boolean = ..., headerName: String = "Csrf-Token", headerBypass: Boolean = true)

    Permalink

    tokenName

    The name of the token.

    cookieName

    If defined, the name of the cookie to read the token from/write the token to.

    secureCookie

    If using a cookie, whether it should be secure.

    httpOnlyCookie

    If using a cookie, whether it should have the HTTP only flag.

    postBodyBuffer

    How much of the POST body should be buffered if checking the body for a token.

    signTokens

    Whether tokens should be signed.

    checkMethod

    Returns true if a request for that method should be checked.

    checkContentType

    Returns true if a request for that content type should be checked.

    headerName

    The name of the HTTP header to check for tokens from.

    headerBypass

    Whether CSRF check can be bypassed by the presence of certain headers, such as X-Requested-By.

Value Members

  1. final def !=(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  2. final def ##(): Int

    Permalink
    Definition Classes
    AnyRef → Any

  3. final def ==(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  4. final def asInstanceOf[T0]: T0

    Permalink
    Definition Classes
    Any

  5. val checkContentType: (Option[String]) ⇒ Boolean

    Permalink

    Returns true if a request for that content type should be checked.

  6. val checkMethod: (String) ⇒ Boolean

    Permalink

    Returns true if a request for that method should be checked.

  7. def clone(): AnyRef

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  8. val cookieName: Option[String]

    Permalink

    If defined, the name of the cookie to read the token from/write the token to.

  9. val createIfNotFound: (RequestHeader) ⇒ Boolean

    Permalink

  10. final def eq(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  11. def finalize(): Unit

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )

  12. final def getClass(): Class[_]

    Permalink
    Definition Classes
    AnyRef → Any

  13. val headerBypass: Boolean

    Permalink

    Whether CSRF check can be bypassed by the presence of certain headers, such as X-Requested-By.

  14. val headerName: String

    Permalink

    The name of the HTTP header to check for tokens from.

  15. val httpOnlyCookie: Boolean

    Permalink

    If using a cookie, whether it should have the HTTP only flag.

  16. final def isInstanceOf[T0]: Boolean

    Permalink
    Definition Classes
    Any

  17. final def ne(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  18. final def notify(): Unit

    Permalink
    Definition Classes
    AnyRef

  19. final def notifyAll(): Unit

    Permalink
    Definition Classes
    AnyRef

  20. val postBodyBuffer: Long

    Permalink

    How much of the POST body should be buffered if checking the body for a token.

  21. val secureCookie: Boolean

    Permalink

    If using a cookie, whether it should be secure.

  22. val signTokens: Boolean

    Permalink

    Whether tokens should be signed.

  23. final def synchronized[T0](arg0: ⇒ T0): T0

    Permalink
    Definition Classes
    AnyRef

  24. val tokenName: String

    Permalink

    The name of the token.

  25. final def wait(): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  26. final def wait(arg0: Long, arg1: Int): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  27. final def wait(arg0: Long): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Inherited from Serializable

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from AnyRef

Inherited from Any

Ungrouped