Class CsrfRequestResponseReactiveFilter


  • public class CsrfRequestResponseReactiveFilter
    extends Object
    • Method Summary

      Modifier and Type Method Description
      void filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext, io.vertx.ext.web.RoutingContext routing)
      If the requirements below are true, sets a cookie by the name "csrf_token" that contains a CSRF token.
      void filter(org.jboss.resteasy.reactive.server.spi.ResteasyReactiveContainerRequestContext requestContext, io.vertx.ext.web.RoutingContext routing)
      If the request method is safe (GET, HEAD or OPTIONS):
      • Sets a RoutingContext key by the name "csrf_token" that contains a randomly generated Base64 encoded string, unless such a cookie was already sent in the incoming request.
      If the request method is unsafe, requires the following:
      • The request contains a valid CSRF token cookie set in response to a previous request (see above).
      • A request entity is present.
      • The request Content-Type is "application/x-www-form-urlencoded".
      • The request entity contains a form parameter with the name "csrf_token" and value that is equal to the one supplied in the cookie.
    • Field Detail

      • configInstance

        @Inject
        javax.enterprise.inject.Instance<CsrfReactiveConfig> configInstance
    • Constructor Detail

      • CsrfRequestResponseReactiveFilter

        public CsrfRequestResponseReactiveFilter()
    • Method Detail

      • filter

        public void filter(org.jboss.resteasy.reactive.server.spi.ResteasyReactiveContainerRequestContext requestContext,
                           io.vertx.ext.web.RoutingContext routing)
        If the request method is safe (GET, HEAD or OPTIONS):
        • Sets a RoutingContext key by the name "csrf_token" that contains a randomly generated Base64 encoded string, unless such a cookie was already sent in the incoming request.
        If the request method is unsafe, requires the following:
        • The request contains a valid CSRF token cookie set in response to a previous request (see above).
        • A request entity is present.
        • The request Content-Type is "application/x-www-form-urlencoded".
        • The request entity contains a form parameter with the name "csrf_token" and value that is equal to the one supplied in the cookie.
      • filter

        public void filter(javax.ws.rs.container.ContainerRequestContext requestContext,
                           javax.ws.rs.container.ContainerResponseContext responseContext,
                           io.vertx.ext.web.RoutingContext routing)
        If the requirements below are true, sets a cookie by the name "csrf_token" that contains a CSRF token.
        • The request method is GET.
        • The request does not contain a valid CSRF token cookie.
        Throws:
        IllegalStateException - if the RoutingContext does not have a value for the key "csrf_token" and a cookie needs to be set.
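
The checks the two filter methods describe amount to a double-submit cookie comparison. The following is an added example, not the Quarkus filter's source: it issues a token for safe requests and applies the four unsafe-request requirements in order. The class and method names, the 16-byte token size, the URL-safe Base64 alphabet, treating a "valid" cookie as a non-empty one, and the constant-time comparison are all assumptions of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.Set;

// Added sketch of the documented checks; not the Quarkus filter's source.
public class CsrfDoubleSubmitSketch {
    static final String NAME = "csrf_token"; // cookie / form parameter name from the page
    static final String FORM = "application/x-www-form-urlencoded";
    static final Set<String> SAFE = Set.of("GET", "HEAD", "OPTIONS");
    static final SecureRandom RNG = new SecureRandom();

    // Random Base64 token for a safe request that carried no cookie.
    // Assumptions: 16 random bytes, URL-safe alphabet so the value survives form encoding.
    static String newToken() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Returns null when the request passes, otherwise the reason for rejecting it.
    static String check(String method, String cookie, String contentType, Map<String, String> form) {
        if (SAFE.contains(method)) return null; // safe methods are not validated
        if (cookie == null || cookie.isEmpty()) return "missing csrf_token cookie";
        if (form == null) return "missing request entity";
        // Prefix match tolerates a "; charset=..." parameter (assumption of this sketch).
        if (contentType == null || !contentType.regionMatches(true, 0, FORM, 0, FORM.length()))
            return "Content-Type is not " + FORM;
        String submitted = form.get(NAME);
        if (submitted == null) return "missing csrf_token form parameter";
        // Constant-time comparison (chosen for this sketch) so timing does not reveal a partial match.
        boolean same = MessageDigest.isEqual(cookie.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
        return same ? null : "form token differs from cookie";
    }

    public static void main(String[] args) {
        String token = newToken(); // constructed: issued on an earlier GET, returned as the cookie
        // Constructed requests: method, cookie, Content-Type, parsed form fields (null = no entity).
        System.out.println("GET, no cookie: " + check("GET", null, null, null));
        System.out.println("POST, matching: " + check("POST", token, FORM, Map.of(NAME, token)));
        System.out.println("POST, forged:   " + check("POST", token, FORM, Map.of(NAME, "guess")));
        System.out.println("POST, JSON:     " + check("POST", token, "application/json", Map.of()));
        System.out.println("POST, no body:  " + check("POST", token, FORM, null));
    }
}
```

Because the documented filter only accepts "application/x-www-form-urlencoded" entities for unsafe methods, a JSON or multipart POST is rejected even when the cookie is present, so endpoints taking those bodies need a different CSRF control.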