object CsrfDirectives extends CsrfDirectives
- CsrfDirectives
- CsrfDirectives
- AnyRef
- Any
Value Members
-
final
def
!=(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
##(): Int
- Definition Classes
- AnyRef → Any
-
final
def
==(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
asInstanceOf[T0]: T0
- Definition Classes
- Any
-
def
clone(): AnyRef
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( ... ) @native() @HotSpotIntrinsicCandidate()
-
def
csrfTokenFromCookie[T](checkMode: CsrfCheckMode[T]): Directive1[Option[String]]
- Definition Classes
- CsrfDirectives
-
final
def
eq(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
def
equals(arg0: Any): Boolean
- Definition Classes
- AnyRef → Any
-
final
def
getClass(): Class[_]
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
-
def
hashCode(): Int
- Definition Classes
- AnyRef → Any
- Annotations
- @native() @HotSpotIntrinsicCandidate()
-
def
hmacTokenCsrfProtection[T](checkMode: CsrfCheckMode[T]): Directive0
Protects against CSRF attacks using a double-submit cookie. The cookie will be set on any `GET` request which doesn't have the token set in the header. For all other requests, the value of the token from the CSRF cookie must match the value in the custom header (or request body, if `checkFormBody` is `true`).

The cookie value is the concatenation of a timestamp and its HMAC hash, following the OWASP recommendation for CSRF prevention.
- Definition Classes
- CsrfDirectives
- See also
OWASP
Note: this scheme can be broken when not all subdomains are protected, or when HTTPS and secure cookies are not used, and the token is placed in the request body (not in the header). The double-submit check relies on an attacker being unable to write the CSRF cookie for the site. See the documentation for more details.
-
final
def
isInstanceOf[T0]: Boolean
- Definition Classes
- Any
-
final
def
ne(arg0: AnyRef): Boolean
- Definition Classes
- AnyRef
-
final
def
notify(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
-
final
def
notifyAll(): Unit
- Definition Classes
- AnyRef
- Annotations
- @native() @HotSpotIntrinsicCandidate()
-
def
setNewCsrfToken[T](checkMode: CsrfCheckMode[T]): Directive0
- Definition Classes
- CsrfDirectives
-
def
submittedCsrfToken[T](checkMode: CsrfCheckMode[T]): Directive1[String]
- Definition Classes
- CsrfDirectives
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
- Definition Classes
- AnyRef
-
def
toString(): String
- Definition Classes
- AnyRef → Any
-
final
def
wait(arg0: Long, arg1: Int): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
-
final
def
wait(arg0: Long): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... ) @native()
-
final
def
wait(): Unit
- Definition Classes
- AnyRef
- Annotations
- @throws( ... )
Deprecated Value Members
-
def
finalize(): Unit
- Attributes
- protected[lang]
- Definition Classes
- AnyRef
- Annotations
- @throws( classOf[java.lang.Throwable] ) @Deprecated
- Deprecated
-
def
randomTokenCsrfProtection[T](checkMode: CsrfCheckMode[T]): Directive0
- Definition Classes
- CsrfDirectives
- Annotations
- @deprecated
- Deprecated
(Since version 0.6.1) use hmacTokenCsrfProtection