Class CSRFUtil

java.lang.Object
org.apache.jackrabbit.webdav.util.CSRFUtil

public class CSRFUtil extends Object
CSRFUtil...
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final Set<String>
    CONTENT_TYPES
    Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
    static final String
    DISABLED
    Constant used to
  • Constructor Summary

    Constructors
    Constructor
    Description
    CSRFUtil(String config)
    Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows: (1) If config is null or empty string, the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host. (2) A comma-separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above). (3) The value DISABLED may be used to disable the referrer checking altogether.
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
     

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • DISABLED

      public static final String DISABLED
      Constant used to
    • CONTENT_TYPES

      public static final Set<String> CONTENT_TYPES
      Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
  • Constructor Details

    • CSRFUtil

      public CSRFUtil(String config)
      Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows:
      1. If config is null or empty string, the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host.
      2. A comma-separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
      3. The value DISABLED may be used to disable the referrer checking altogether.
      Parameters:
      config - The configuration value which may be any of the following:
      • null or empty string for the default behaviour, which only allows requests with an empty referrer header or a referrer host equal to the server host.
      • A comma-separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
      • DISABLED in order to disable the referrer checking altogether.
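The three configuration cases above, sketched as a stand-alone policy check. This is an added example, not Jackrabbit's own code: the class ReferrerPolicyDemo, the placeholder DISABLED_VALUE, the rejection of malformed referrers and all host names are assumptions made for illustration.

```java
import java.net.URI;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration of the documented policy; NOT Jackrabbit source code.
// The class name, DISABLED_VALUE and all host names are constructed.
public class ReferrerPolicyDemo {
    // Placeholder standing in for CSRFUtil.DISABLED (its value is not shown on the page).
    static final String DISABLED_VALUE = "<DISABLED>";
    private final boolean disabled;
    private final Set<String> extraHosts = new HashSet<>();

    ReferrerPolicyDemo(String config) {
        String c = (config == null) ? "" : config.trim();
        disabled = DISABLED_VALUE.equals(c);
        if (!disabled) {
            for (String h : c.split(",")) {
                if (!h.trim().isEmpty()) extraHosts.add(h.trim().toLowerCase(Locale.ROOT));
            }
        }
    }

    boolean isAllowed(String referrer, String serverHost) {
        if (disabled) return true;                                // rule 3: no referrer checking
        if (referrer == null || referrer.isEmpty()) return true;  // rule 1: empty referrer passes
        String host;
        try {
            host = URI.create(referrer).getHost();                // parse; never substring-match
        } catch (IllegalArgumentException e) {
            return false;                                         // assumption: malformed is rejected
        }
        if (host == null) return false;
        host = host.toLowerCase(Locale.ROOT);
        return host.equals(serverHost.toLowerCase(Locale.ROOT))   // rule 1: same host as server
                || extraHosts.contains(host);                     // rule 2: configured extra host
    }

    public static void main(String[] args) {
        String server = "dav.example.org";
        ReferrerPolicyDemo def = new ReferrerPolicyDemo(null);
        ReferrerPolicyDemo extra = new ReferrerPolicyDemo("cms.example.org, admin.example.org");
        String[] referrers = { null, "https://dav.example.org/a", "https://cms.example.org/edit",
                "https://dav.example.org.other.example/x", "https://other.example/?u=dav.example.org" };
        for (String r : referrers) {
            System.out.printf("%-45s default=%-5b extra=%b%n", r, def.isAllowed(r, server), extra.isAllowed(r, server));
        }
    }
}
```

The last two sample referrers only contain the server host as a substring, which is why the sketch compares the parsed host for equality. Under the default configuration a request with no referrer header at all is accepted, so this check does not cover clients or pages that suppress the header.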
  • Method Details