Package io.micronaut.security.csrf

Interface CsrfConfiguration

All Superinterfaces:

io.micronaut.http.cookie.CookieConfiguration, io.micronaut.core.util.Toggleable

public interface CsrfConfiguration
extends io.micronaut.http.cookie.CookieConfiguration, io.micronaut.core.util.Toggleable

CSRF Configuration.

Since:

4.11.0

Author:

Sergio del Amo

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PREFIX

Method Summary

Modifier and Type	Method	Description
@NonNull String	getFieldName()
@NonNull String	getHeaderName()	HTTP Header name to look for the CSRF token.
@NonNull String	getHttpSessionName()
int	getRandomValueSize()
@Nullable String	getSecretKey()

Methods inherited from interface io.micronaut.http.cookie.CookieConfiguration

getCookieDomain, getCookieMaxAge, getCookieName, getCookiePath, getCookieSameSite, isCookieHttpOnly, isCookieSecure

Methods inherited from interface io.micronaut.core.util.Toggleable

isEnabled

Field Details

PREFIX

static final String PREFIX

See Also:

• Constant Field Values

Method Details

getRandomValueSize

int getRandomValueSize()

Returns:

Random value's size in bytes. The random value used is used to build a CSRF Token.

getSecretKey

@Nullable
@Nullable String getSecretKey()

Returns:

The Secret Key that is used to calculate an HMAC as part of a CSRF token generation.

getHeaderName

@NonNull
@NonNull String getHeaderName()

HTTP Header name to look for the CSRF token. It is recommended to use a custom request header. By using a custom HTTP Header name, it will not be possible to send them cross-origin without a permissive CORS implementation.

Returns:

HTTP Header name to look for the CSRF token.

getHttpSessionName

@NonNull
@NonNull String getHttpSessionName()

Returns:

Key to look for the CSRF token in an HTTP Session.

getFieldName

@NonNull
@NonNull String getFieldName()

Returns:

Field name in a form url encoded submission to look for the CSRF token.