package middleware
- Alphabetic
- Public
- All
Type Members
-
final
case class
CORSConfig(anyOrigin: Boolean, allowCredentials: Boolean, maxAge: Long, anyMethod: Boolean = true, allowedOrigins: (String) ⇒ Boolean = _ => false, allowedMethods: Option[Set[String]] = None, allowedHeaders: Option[Set[String]] = Set("Content-Type", "*").some, exposedHeaders: Option[Set[String]] = Set("*").some) extends Product with Serializable
CORS middleware config options.
CORS middleware config options. You can give an instance of this class to the CORS middleware, to specify its behavoir
-
final
class
CSRF extends AnyRef
Middleware to avoid Cross-site request forgery attacks.
Middleware to avoid Cross-site request forgery attacks. More info on CSRF at: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
This middleware is modeled after the double submit cookie pattern: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#DoubleSubmit_Cookie
When a user authenticates,
embedNew
is used to send a random CSRF value as a cookie. (Alterntively, an authenticating service can be wrapped inwithNewToken
). Services protected by thevalidaed
middleware then check that the value is prsent in both the headerheaderName
and the cookiecookieName
. Due to the Same-Origin policy, an attacker will be unable to reproduce this value in a custom header, resulting in a403 Forbidden
response.
Value Members
-
object
AutoSlash
Removes a trailing slash from Request path
- object CORS
- object CSRF
- object ChunkAggregator
-
object
DefaultHead
Handles HEAD requests as a GET without a body.
Handles HEAD requests as a GET without a body.
If the service returns the fallthrough response, the request is resubmitted as a GET. The resulting response's body is killed, but all headers are preserved. This is a naive, but correct, implementation of HEAD. Routes requiring more optimization should implement their own HEAD handler.
- object EntityLimiter
- object GZip
-
object
Jsonp
Middleware to support wrapping json responses in jsonp.
Middleware to support wrapping json responses in jsonp.
Jsonp wrapping occurs when the request contains a parameter with the given name and the request Content-Type is
application/json
.If the wrapping is done, the response Content-Type is changed into
application/javascript
and the appropriate jsonp callback is applied. - object PushSupport
- object Timeout
- object URITranslation
-
object
UrlFormLifter
Middleware for lifting application/x-www-form-urlencoded bodies into the request query params.
Middleware for lifting application/x-www-form-urlencoded bodies into the request query params.
The params are merged into the existing paras _after_ the existing query params. This means that if the query already contains the pair "foo" -> Some("bar"), parameters on the body must be acessed through
multiParams
. -
object
VirtualHost
Middleware for virtual host mapping
Middleware for virtual host mapping
The
VirtualHost
middleware allows multiple services to be mapped based on the org.http4s.headers.Host header of the org.http4s.Request.