Class CSRFUtil
- java.lang.Object
-
- org.apache.jackrabbit.webdav.util.CSRFUtil
-
public class CSRFUtil extends Object
CSRFUtil
...
-
-
Field Summary
Fields Modifier and Type Field Description static Set<String>
CONTENT_TYPES
Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009static String
DISABLED
Constant used to
-
Constructor Summary
Constructors Constructor Description CSRFUtil(String config)
Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows: If config isnull
or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above). The valueDISABLED
may be used to disable the referrer checking altogether
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
isValidRequest(javax.servlet.http.HttpServletRequest request)
-
-
-
Field Detail
-
DISABLED
public static final String DISABLED
Constant used to- See Also:
- Constant Field Values
-
-
Constructor Detail
-
CSRFUtil
public CSRFUtil(String config)
Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows:- If config is
null
or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host - A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
- The value
DISABLED
may be used to disable the referrer checking altogether
- Parameters:
config
- The configuration value which may be any of the following:null
or empty string for the default behaviour, which only allows requests with an empty referrer header or a referrer host equal to the server host- A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
DISABLED
in order to disable the referrer checking altogether
- If config is
-
-