Package io.quarkus.csrf.reactive.runtime

Class CsrfRequestResponseReactiveFilter

java.lang.Object
io.quarkus.csrf.reactive.runtime.CsrfRequestResponseReactiveFilter
public class CsrfRequestResponseReactiveFilter extends Object

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    (package private) jakarta.enterprise.inject.Instance<CsrfReactiveConfig>
    configInstance
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    CsrfRequestResponseReactiveFilter()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    filter(jakarta.ws.rs.container.ContainerRequestContext requestContext, jakarta.ws.rs.container.ContainerResponseContext responseContext, io.vertx.ext.web.RoutingContext routing)
    If the requirements below are true, sets a cookie by the name "csrf_token" that contains a CSRF token.
    void
    filter(org.jboss.resteasy.reactive.server.spi.ResteasyReactiveContainerRequestContext requestContext, io.vertx.ext.web.RoutingContext routing)
    If the request method is safe (GET, HEAD or OPTIONS): Sets a RoutingContext key by the name "csrf_token" that contains a randomly generated Base64 encoded string, unless such a cookie was already sent in the incoming request. If the request method is unsafe, requires the following: The request contains a valid CSRF token cookie set in response to a previous request (see above). A request entity is present. The request Content-Type is "application/x-www-form-urlencoded". The request entity contains a form parameter with the name "csrf_token" and value that is equal to the one supplied in the cookie.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • configInstance

      @Inject jakarta.enterprise.inject.Instance<CsrfReactiveConfig> configInstance

  • Constructor Details

    • CsrfRequestResponseReactiveFilter

      public CsrfRequestResponseReactiveFilter()

  • Method Details

    • filter

      public void filter(org.jboss.resteasy.reactive.server.spi.ResteasyReactiveContainerRequestContext requestContext, io.vertx.ext.web.RoutingContext routing)
      If the request method is safe (GET, HEAD or OPTIONS):
      • Sets a RoutingContext key by the name "csrf_token" that contains a randomly generated Base64 encoded string, unless such a cookie was already sent in the incoming request.
      If the request method is unsafe, requires the following:
      • The request contains a valid CSRF token cookie set in response to a previous request (see above).
      • A request entity is present.
      • The request Content-Type is "application/x-www-form-urlencoded".
      • The request entity contains a form parameter with the name "csrf_token" and value that is equal to the one supplied in the cookie.

    • filter

      public void filter(jakarta.ws.rs.container.ContainerRequestContext requestContext, jakarta.ws.rs.container.ContainerResponseContext responseContext, io.vertx.ext.web.RoutingContext routing)
      If the requirements below are true, sets a cookie by the name "csrf_token" that contains a CSRF token.
      • The request method is GET.
      • The request does not contain a valid CSRF token cookie.
      Throws:
      IllegalStateException - if the RoutingContext does not have a value for the key "csrf_token" and a cookie needs to be set.