public class CSRFUtil extends Object
CSRFUtil
...Modifier and Type | Field and Description |
---|---|
static Set<String> |
CONTENT_TYPES
Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
|
static String |
DISABLED
Constant used to
|
Constructor and Description |
---|
CSRFUtil(String config)
Creates a new instance from the specified configuration, which defines
the behaviour of the referrer based CSRF protection as follows:
If config is
null or empty string the default
behaviour is to allow only requests with an empty referrer header or a
referrer host equal to the server host
A comma separated list of additional allowed referrer hosts which are
valid in addition to default behaviour (see above).
The value DISABLED may be used to disable the referrer checking altogether
|
Modifier and Type | Method and Description |
---|---|
boolean |
isValidRequest(javax.servlet.http.HttpServletRequest request) |
public static final String DISABLED
public CSRFUtil(String config)
null
or empty string the default
behaviour is to allow only requests with an empty referrer header or a
referrer host equal to the server hostDISABLED
may be used to disable the referrer checking altogetherconfig
- The configuration value which may be any of the following:
null
or empty string for the default behaviour, which
only allows requests with an empty referrer header or a
referrer host equal to the server hostDISABLED
in order to disable the referrer checking altogetherCopyright © 2004–2022 The Apache Software Foundation. All rights reserved.