CSRFUtil (Apache Jackrabbit 2.14.10 API)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.apache.jackrabbit.webdav.util.CSRFUtil

```
public class CSRFUtil
extends Object
```
CSRFUtil...

Field Summary

Fields
Modifier and Type	Field and Description
`static Set<String>`	`CONTENT_TYPES` Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
`static String`	`DISABLED` Constant used to

Constructor Summary

Constructors
Constructor and Description
`CSRFUtil(String config)` Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows: If config is `null` or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above). The value `DISABLED` may be used to disable the referrer checking altogether

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type Method and Description

boolean isValidRequest(javax.servlet.http.HttpServletRequest request)
- Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DISABLED
```
public static final String DISABLED
```
    Constant used to
    
    See Also:
    
    Constant Field Values
  - CONTENT_TYPES
```
public static final Set<String> CONTENT_TYPES
```
    Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
- Constructor Detail
  - CSRFUtil
```
public CSRFUtil(String config)
```
    Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows:
    1. If config is null or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host
    2. A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
    3. The value DISABLED may be used to disable the referrer checking altogether
    Parameters:
    config - The configuration value which may be any of the following:
    
    null or empty string for the default behaviour, which only allows requests with an empty referrer header or a referrer host equal to the server host
    
    A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
    
    DISABLED in order to disable the referrer checking altogether
- Method Detail
  - isValidRequest
```
public boolean isValidRequest(javax.servlet.http.HttpServletRequest request)
```

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2004–2021 The Apache Software Foundation. All rights reserved.