Provides cross-site request forgery protection.
CORS(Cross-Origin Resource Sharing) Support.
Provides cross-site request forgery protection.
Provides cross-site request forgery protection.
If a request is determined to be forged, the handleForgery()
hook is invoked.
Otherwise, a token for the next request is prepared with prepareCsrfToken
.
Chunked Response (Transfer-Encoding: chunked).
SkinnyMicro handler for gzipped responses.
FileUploadSupport can be mixed into a skinny.micro.SkinnyMicroServlet to provide easy access to data submitted as part of a multipart HTTP request.
FileUploadSupport can be mixed into a skinny.micro.SkinnyMicroServlet to provide easy access to data submitted as part of a multipart HTTP request.
Commonly this is used for retrieving uploaded files.
Once the trait has been mixed into your handler, you need to enable multipart
configuration in your web.xml or by using @MultipartConfig
annotation. To
configure in web.xml add <multipart-config />
to your <servlet>
element. If you
prefer annotations instead, place @MultipartConfig
to your handler. Both ways
provide some further configuration options, such as specifying the max total request size
and max size for invidual files in the request. You might want to set these to prevent
users from uploading too large files.
When the configuration has been done, you can access any files using
fileParams("myFile")
where myFile is the name
of the parameter used to upload the file being retrieved. If you are
expecting multiple files with the same name, you can use
fileMultiParams("files[]")
to access them all.
To handle any errors that are caused by multipart handling, you need to configure an error handler to your handler class:
import skinny.micro.servlet.SizeLimitExceededException import skinny.micro.servlet.FileUploadSupport @MultipartConfig(maxFileSize=1024*1024) class FileEaterServlet extends SkinnyMicroServlet with FileUploadSupport { error { case e: SizeConstrainttExceededException => "Oh, too much! Can't take it all." case e: IOException => "Server denied me my meal, thanks anyway." } post("/eatfile") { "Thanks! You just provided me " + fileParams("lunch").size + " bytes for a lunch." } }
}}* @note Once any handler with FileUploadSupport has accessed the request, the fileParams returned by FileUploadSupport will remain fixed for the lifetime of the request.
Will not work on Jetty versions prior to 8.1.3. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=376324. The old scalatra-fileupload module still works for earlier versions of Jetty.
Allows an action to set key-value pairs in a transient state that is accessible only to the next action and is expired immediately after that.
Allows an action to set key-value pairs in a transient state that is accessible only to the next action and is expired immediately after that. This is especially useful when using the POST-REDIRECT-GET pattern to trace the result of an operation.
post("/article/create") { // create session flash("notice") = "article created succesfully" redirect("/home") } get("/home") { // this will access the value set in previous action stuff_with(flash("notice")) }
FlashMap
i18n support.
Redirects unsecured requests to the corresponding secure URL.
X-Content-Type-Options header support.
X-Content-Type-Options header support.
- https://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx?Redirected=true - http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx - https://github.com/blog/1482-heads-up-nosniff-header-support-coming-to-chrome-and-firefox - https://www.owasp.org/index.php/List_of_useful_HTTP_headers
X-Frame-Options header support
X-Frame-Options header support
- https://www.owasp.org/index.php/List_of_useful_HTTP_headers
Provides cross-site request forgery protection.
Provides cross-site request forgery protection.
If a request is determined to be forged, the handleForgery()
hook is invoked.
Otherwise, a token for the next request is prepared with prepareCsrfToken
.
X-XSS-Protection header support
X-XSS-Protection header support
- https://www.owasp.org/index.php/List_of_useful_HTTP_headers
Provides cross-site request forgery protection.
If a request is determined to be forged, the
handleForgery()
hook is invoked. Otherwise, a token for the next request is prepared withprepareCsrfToken
.