final class CSRF extends AnyRef

Middleware to avoid Cross-site request forgery attacks. More info on CSRF at: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

This middleware is modeled after the double submit cookie pattern: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#DoubleSubmit_Cookie

When a user authenticates, embedNew is used to send a random CSRF value as a cookie. (Alternatively, an authenticating service can be wrapped in withNewToken.) Services protected by the validate middleware then check that the value is present in both the header headerName and the cookie cookieName. Due to the Same-Origin policy, an attacker will be unable to reproduce this value in a custom header, resulting in a 403 Forbidden response.
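
A self-contained sketch of the double submit cookie check described above, added here as an illustration; it is not the http4s implementation. Req, Resp, the header and cookie names, and the set of safe methods are assumptions, and a valid request simply gets a fresh random token rather than the re-randomized token that validate describes.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64

// Minimal stand-in types for this example; they are NOT the http4s Request/Response.
final case class Req(method: String, headers: Map[String, String], cookies: Map[String, String])
final case class Resp(status: Int, setCookies: Map[String, String] = Map.empty)

object DoubleSubmitSketch {
  val headerName = "X-Csrf-Token" // assumed sample value
  val cookieName = "csrf-token"   // assumed sample value

  private val rng = new SecureRandom()
  private val safeMethods = Set("GET", "HEAD", "OPTIONS") // assumed definition of "safe"

  // Fresh unguessable token, URL-safe so it fits in both a cookie and a header.
  def newToken(): String = {
    val bytes = new Array[Byte](32)
    rng.nextBytes(bytes)
    Base64.getUrlEncoder.withoutPadding.encodeToString(bytes)
  }

  // Counterpart of embedNew: attach a token cookie to an outgoing response.
  def embedNew(res: Resp): Resp =
    res.copy(setCookies = res.setCookies + (cookieName -> newToken()))

  // Constant-time comparison so the check does not leak how many bytes matched.
  private def same(a: String, b: String): Boolean =
    MessageDigest.isEqual(a.getBytes(UTF_8), b.getBytes(UTF_8))

  // Counterpart of validate: skip safe methods, otherwise require header == cookie.
  def validate(service: Req => Resp)(req: Req): Resp =
    if (safeMethods(req.method)) service(req)
    else (req.headers.get(headerName), req.cookies.get(cookieName)) match {
      case (Some(h), Some(c)) if h.nonEmpty && same(h, c) => embedNew(service(req))
      case _ => Resp(403) // header or cookie missing, or the two values differ
    }

  def main(args: Array[String]): Unit = {
    val app: Req => Resp = validate(_ => Resp(200))
    val token = embedNew(Resp(200)).setCookies(cookieName)
    // Same-origin script: reads the cookie and echoes it in the custom header.
    println(app(Req("POST", Map(headerName -> token), Map(cookieName -> token))).status)
    // Cross-site request: the browser attaches the cookie, but the header is absent.
    println(app(Req("POST", Map.empty, Map(cookieName -> token))).status)
  }
}
```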

Source
CSRF.scala

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##(): Int
    Definition Classes
    AnyRef → Any
  3. def +(other: String): String
    Implicit
    This member is added by an implicit conversion from CSRF to any2stringadd[CSRF] performed by method any2stringadd in scala.Predef.
    Definition Classes
    any2stringadd
  4. def ->[B](y: B): (CSRF, B)
    Implicit
    This member is added by an implicit conversion from CSRF to ArrowAssoc[CSRF] performed by method ArrowAssoc in scala.Predef.
    Definition Classes
    ArrowAssoc
    Annotations
    @inline()
  5. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  6. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  7. def clone(): AnyRef
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  8. val cookieName: String
  9. def embedNew(res: MaybeResponse): Task[MaybeResponse]

    Embed a token into a response.

  10. def ensuring(cond: (CSRF) ⇒ Boolean, msg: ⇒ Any): CSRF
    Implicit
    This member is added by an implicit conversion from CSRF to Ensuring[CSRF] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  11. def ensuring(cond: (CSRF) ⇒ Boolean): CSRF
    Implicit
    This member is added by an implicit conversion from CSRF to Ensuring[CSRF] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  12. def ensuring(cond: Boolean, msg: ⇒ Any): CSRF
    Implicit
    This member is added by an implicit conversion from CSRF to Ensuring[CSRF] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  13. def ensuring(cond: Boolean): CSRF
    Implicit
    This member is added by an implicit conversion from CSRF to Ensuring[CSRF] performed by method Ensuring in scala.Predef.
    Definition Classes
    Ensuring
  14. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  15. def equals(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  16. def finalize(): Unit
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )
  17. def formatted(fmtstr: String): String
    Implicit
    This member is added by an implicit conversion from CSRF to StringFormat[CSRF] performed by method StringFormat in scala.Predef.
    Definition Classes
    StringFormat
    Annotations
    @inline()
  18. final def getClass(): Class[_]
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  19. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native()
  20. val headerName: String
  21. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  22. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  23. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  24. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native()
  25. final def synchronized[T0](arg0: ⇒ T0): T0
    Definition Classes
    AnyRef
  26. def toString(): String
    Definition Classes
    AnyRef → Any
  27. def validate(predicate: (Request) ⇒ Boolean = _.method.isSafe): HttpMiddleware

    Constructs a middleware that checks for the presence of the CSRF token in both the proper cookie and the header.

    If the token is valid, the middleware then embeds a new one, to effectively randomize the complete token while avoiding the generation of a new secure random Id, to guard against [BREACH](http://breachattack.com/).

  28. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  29. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )
  30. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @throws( ... )
  31. def withNewToken: HttpMiddleware

    Middleware to embed a CSRF token into routes that do not have one.

  32. def →[B](y: B): (CSRF, B)
    Implicit
    This member is added by an implicit conversion from CSRF to ArrowAssoc[CSRF] performed by method ArrowAssoc in scala.Predef.
    Definition Classes
    ArrowAssoc
