Packages

p

org.http4s.server

middleware

package middleware

Ordering
  1. Alphabetic
Visibility
  1. Public
  2. All

Type Members

  1. final case class CORSConfig(anyOrigin: Boolean, allowCredentials: Boolean, maxAge: Long, anyMethod: Boolean = true, allowedOrigins: (String) ⇒ Boolean = _ => false, allowedMethods: Option[Set[String]] = None, allowedHeaders: Option[Set[String]] = Set("Content-Type", "*").some, exposedHeaders: Option[Set[String]] = Set("*").some) extends Product with Serializable

    CORS middleware config options.

    CORS middleware config options. You can give an instance of this class to the CORS middleware, to specify its behavoir

  2. final class CSRF extends AnyRef

    Middleware to avoid Cross-site request forgery attacks.

    Middleware to avoid Cross-site request forgery attacks. More info on CSRF at: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

    This middleware is modeled after the double submit cookie pattern: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#DoubleSubmit_Cookie

    When a user authenticates, embedNew is used to send a random CSRF value as a cookie. (Alterntively, an authenticating service can be wrapped in withNewToken). Services protected by the validaed middleware then check that the value is prsent in both the header headerName and the cookie cookieName. Due to the Same-Origin policy, an attacker will be unable to reproduce this value in a custom header, resulting in a 403 Forbidden response.

Value Members

  1. object AutoSlash

    Removes a trailing slash from Request path

    Removes a trailing slash from Request path

    If a route exists with a file style Uri, eg "/foo", this middleware will cause Requests with uri = "/foo" and uri = "/foo/" to match the route.

  2. object CORS
  3. object CSRF
  4. object ChunkAggregator
  5. object DefaultHead

    Handles HEAD requests as a GET without a body.

    Handles HEAD requests as a GET without a body.

    If the service returns the fallthrough response, the request is resubmitted as a GET. The resulting response's body is killed, but all headers are preserved. This is a naive, but correct, implementation of HEAD. Routes requiring more optimization should implement their own HEAD handler.

  6. object EntityLimiter
  7. object GZip
  8. object Jsonp

    Middleware to support wrapping json responses in jsonp.

    Middleware to support wrapping json responses in jsonp.

    Jsonp wrapping occurs when the request contains a parameter with the given name and the request Content-Type is application/json.

    If the wrapping is done, the response Content-Type is changed into application/javascript and the appropriate jsonp callback is applied.

  9. object PushSupport
  10. object Timeout
  11. object URITranslation
  12. object UrlFormLifter

    Middleware for lifting application/x-www-form-urlencoded bodies into the request query params.

    Middleware for lifting application/x-www-form-urlencoded bodies into the request query params.

    The params are merged into the existing paras _after_ the existing query params. This means that if the query already contains the pair "foo" -> Some("bar"), parameters on the body must be acessed through multiParams.

  13. object VirtualHost

    Middleware for virtual host mapping

    Middleware for virtual host mapping

    The VirtualHost middleware allows multiple services to be mapped based on the org.http4s.headers.Host header of the org.http4s.Request.

Ungrouped