Class CsrfReactiveConfig

    • Field Detail

      • cookieForceSecure

        @ConfigItem(defaultValue="false")
        public boolean cookieForceSecure
        If enabled, the CSRF cookie will have its 'secure' parameter set to 'true' when HTTP is used. This may be necessary when running behind an SSL-terminating reverse proxy. The cookie will always be secure if HTTPS is used, even if this property is set to false.
      • createTokenPath

        @ConfigItem
        public Optional<String> createTokenPath
        Create CSRF token only if the HTTP GET relative request path is the same as the one configured with this property.
      • verifyToken

        @ConfigItem(defaultValue="true")
        public boolean verifyToken
        Verify the CSRF token in the CSRF filter. If this property is enabled, the CSRF filter reads the input stream to verify the token and then recreates it so that the application code can read the data correctly. Therefore, it is recommended to disable this property when dealing with large form payloads and instead compare the CSRF form and cookie parameters in the application code, using JAX-RS FormParam, which refers to the formFieldName form property, and CookieParam, which refers to the cookieName cookie. Note that even if the CSRF token verification in the CSRF filter is disabled, the filter will still perform checks to ensure that the token is available, that it has the correct tokenSize in bytes, and that the Content-Type HTTP header is 'application/x-www-form-urlencoded'.
      • requireFormUrlEncoded

        @ConfigItem(defaultValue="true")
        public boolean requireFormUrlEncoded
        Require that only an 'application/x-www-form-urlencoded' body is accepted for the token verification to proceed. Disable this property for the CSRF filter to avoid verifying the token for POST requests with other content types. This property is only effective if the verifyToken property is enabled.
    • Constructor Detail

      • CsrfReactiveConfig

        public CsrfReactiveConfig()
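
The application-side comparison that the verifyToken description recommends for large form payloads could look like the following. This is an added example, not code from the Quarkus project. It assumes that verifyToken is disabled, that formFieldName and cookieName are both set to "csrf-token", that the cookie carries the same value as the form field, and that the jakarta.ws.rs namespace is in use (javax.ws.rs on older releases); the resource class, its path and the "payload" field are hypothetical.

```java
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.CookieParam;
import jakarta.ws.rs.FormParam;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Hypothetical resource. With verifyToken disabled the CSRF filter does not
// buffer the form body, so the token comparison has to happen here.
@Path("/large-form")
public class LargeFormResource {

    // Assumed values of the formFieldName and cookieName properties.
    private static final String CSRF_FORM_FIELD = "csrf-token";
    private static final String CSRF_COOKIE = "csrf-token";

    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response submit(@CookieParam(CSRF_COOKIE) String cookieToken,
                           @FormParam(CSRF_FORM_FIELD) String formToken,
                           @FormParam("payload") String payload) {
        // Reject before touching the payload if the tokens are missing or differ.
        if (!tokensMatch(cookieToken, formToken)) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        // ... process the (possibly large) payload here ...
        return Response.ok().build();
    }

    // Fails closed on null or empty values and compares in constant time so the
    // response time does not reveal how many leading characters matched.
    static boolean tokensMatch(String cookieToken, String formToken) {
        if (cookieToken == null || formToken == null
                || cookieToken.isEmpty() || formToken.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(
                cookieToken.getBytes(StandardCharsets.UTF_8),
                formToken.getBytes(StandardCharsets.UTF_8));
    }
}
```

Every state-changing endpoint that accepts form posts needs the same check once verifyToken is disabled, since the filter then only confirms the token's presence, size and the Content-Type header.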