final class CSRF[F[_], G[_]] extends AnyRef
Middleware to avoid Cross-Site Request Forgery (CSRF) attacks. More info on CSRF at: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
This middleware is modeled after the double submit cookie pattern: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookie
When a user authenticates, embedNewInResponseCookie is used to send a random, signed CSRF value as a cookie. (Alternatively, an authenticating service can be wrapped in withNewToken.)
By default, for requests with unsafe methods (PUT, POST, DELETE, PATCH), services protected by the validate method of this middleware will check that the same signed CSRF token is present in both the header headerName and the cookie cookieName. Because of the Same-Origin Policy, a page on another origin cannot read the cookie and therefore cannot reproduce its value in a custom header, so such a request is rejected with a 403 Forbidden response.
By default, requests with safe methods (such as GET, OPTIONS, HEAD) will have a new token embedded in the response if there isn't one, or will receive a refreshed token derived from the previous token to mitigate the BREACH vulnerability. If a request contains an invalid token, regardless of whether its method is safe, this middleware will fail it with 403 Forbidden. In this situation, your user(s) should clear their cookies for your site to receive a new token.
The default can be overridden by supplying a different predicate to validate; the default predicate checks whether the method is safe. Thus, you can whitelist certain kinds of requests (for example an endpoint that is authenticated by a different mechanism).
We'd like to emphasize that you should follow proper design principles in creating endpoints, so as not to mutate state in what should otherwise be safe, idempotent methods (i.e. no dropping your DB or altering user data in a GET handler). Please do not use the CSRF protection from this middleware as a safety net for bad design.
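The following is an added example written for this page, not code from http4s itself. It wires the middleware described above around a few hypothetical routes: a login route that sets the token cookie with embedNewInResponseCookie, a validate predicate that whitelists one endpoint, and the "manual plumbing" case that checkCSRFToken exists for (a token arriving as a query parameter). The members called on the CSRF instance (validate, embedNewInResponseCookie, checkCSRFToken) are the ones documented on this page. Everything else is assumed rather than documented here: the companion-object constructor CSRF.withGeneratedKey, CSRF.defaultOriginCheck, the builder methods withCookieName, withHeaderName, withCookieSecure and build, and BlazeServerBuilder, all as found in the http4s 0.20 series; the route paths and the webhook whitelist are invented for illustration.

```scala
// Added example (not http4s's own code). Assumed, not documented on this page:
// CSRF.withGeneratedKey, CSRF.defaultOriginCheck, the CSRFBuilder methods
// withCookieName/withHeaderName/withCookieSecure/build and BlazeServerBuilder
// (http4s 0.20 series). Routes and paths are hypothetical.
import cats.effect.{ExitCode, IO, IOApp}
import org.http4s._
import org.http4s.dsl.io._
import org.http4s.implicits._
import org.http4s.server.blaze.BlazeServerBuilder
import org.http4s.server.middleware.CSRF
import org.http4s.util.CaseInsensitiveString

object CsrfExample extends IOApp {

  // Matches a "?csrf=<token>" query parameter for the manual-plumbing route below.
  object CsrfParam extends QueryParamDecoderMatcher[String]("csrf")

  // Hypothetical application routes. Only the POST handlers mutate state; GET only reads.
  def routes(csrf: CSRF[IO, IO]): HttpRoutes[IO] = HttpRoutes.of[IO] {
    case GET -> Root / "profile" =>
      Ok("profile page")

    case POST -> Root / "profile" =>
      Ok("profile updated")

    // On login, send the client a freshly generated, signed token cookie. This is the
    // cookie half of the double-submit pair; the client must echo the same value in
    // the X-Csrf-Token header on every unsafe request.
    case POST -> Root / "login" =>
      Ok("logged in").flatMap(csrf.embedNewInResponseCookie[IO](_))

    // Manual plumbing: a WebSocket handshake cannot carry a custom header, so the
    // client passes the token as a query parameter and we hand it to checkCSRFToken
    // explicitly instead of relying on the header. The cookie is still read from req.
    case req @ GET -> Root / "ws" :? CsrfParam(rawToken) =>
      csrf.checkCSRFToken(req, Ok("handshake accepted"), rawToken)

    case GET -> Root / "ws" =>
      Forbidden("missing csrf query parameter")
  }

  // Predicate for validate: true means "skip the check". Safe methods are skipped as
  // in the default predicate; we additionally skip a hypothetical webhook that is
  // authenticated by its own signature scheme. GET /ws is safe and would be skipped
  // by validate anyway, which is why that route calls checkCSRFToken itself.
  def skipCsrfCheck(req: Request[IO]): Boolean =
    req.method.isSafe || (req.method == Method.POST && req.uri.path == "/webhooks/ci")

  // Build the middleware with a freshly generated signing key. In a real deployment the
  // key must be loaded from configuration, otherwise tokens issued before a restart, or
  // by another instance, stop validating.
  val csrfMiddleware: IO[CSRF[IO, IO]] =
    CSRF.withGeneratedKey[IO, IO](CSRF.defaultOriginCheck(_, "localhost", Uri.Scheme.http, None))
      .map(
        _.withCookieName("csrf-token")
          .withHeaderName(CaseInsensitiveString("X-Csrf-Token"))
          .withCookieSecure(false) // set to true when serving over TLS
          .build
      )

  def run(args: List[String]): IO[ExitCode] =
    for {
      csrf <- csrfMiddleware
      // validate wraps the whole HttpApp: an unsafe request that the predicate does not
      // whitelist must carry the same signed token in cookie and header, or gets 403.
      app = csrf.validate(skipCsrfCheck)(routes(csrf).orNotFound)
      _ <- BlazeServerBuilder[IO]
        .bindHttp(8080, "localhost")
        .withHttpApp(app)
        .serve
        .compile
        .drain
    } yield ExitCode.Success
}
```

To exercise it: POST /login and take the csrf-token value from the Set-Cookie header; a POST /profile with neither cookie nor header is rejected with 403 Forbidden, and the same POST with the cookie and an X-Csrf-Token header carrying the identical value succeeds (the assumed defaultOriginCheck additionally requires an Origin or Referer header matching the configured host, so a command-line test has to send one). Two caveats a deployment should keep in mind: the header half of the check only works because cross-origin scripts cannot set X-Csrf-Token, so a permissive CORS policy that allows that header from arbitrary origins defeats the protection; and the whitelist predicate must only ever admit endpoints that authenticate the caller some other way.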
- Self Type: CSRF[F, G]
- Source: CSRF.scala
- Inheritance: CSRF → AnyRef → Any
Value Members
- final def !=(arg0: Any): Boolean (Definition Classes: AnyRef → Any)
- final def ##(): Int (Definition Classes: AnyRef → Any)
- final def ==(arg0: Any): Boolean (Definition Classes: AnyRef → Any)
- final def asInstanceOf[T0]: T0 (Definition Classes: Any)
- def checkCSRF(r: Request[G], http: F[Response[G]]): F[Response[G]]
  Check CSRF validity for an unsafe action, reading both the cookie and the header token from r.
- def checkCSRFToken(r: Request[G], respAction: F[Response[G]], rawToken: String)(implicit F: Sync[F]): F[Response[G]]
  Check CSRF validity for an unsafe action, with the client-supplied token passed explicitly as rawToken rather than read from the header. Exposed to users for manual plumbing of the CSRF token (e.g. a WebSocket handshake or a query parameter).
- protected[lang] def clone(): AnyRef (Definition Classes: AnyRef; Annotations: @throws( ... ) @native())
- def createRequestCookie(token: CSRFToken): RequestCookie
- def createResponseCookie(token: CSRFToken): ResponseCookie
  Create a Response cookie from a signed CSRF token.
  token: the signed CSRF token
- def embedInRequestCookie(r: Request[G], token: CSRFToken): Request[G]
- def embedInResponseCookie(r: Response[G], token: CSRFToken): Response[G]
- def embedNewInResponseCookie[M[_]](res: Response[G])(implicit arg0: Sync[M]): M[Response[G]]
  Generate a new signed token and embed it into the response as a cookie.
- final def eq(arg0: AnyRef): Boolean (Definition Classes: AnyRef)
- def equals(arg0: Any): Boolean (Definition Classes: AnyRef → Any)
- def extractRaw(rawToken: String): Either[CSRFCheckFailed, String]
  Decode our CSRF token, check the signature and extract the original token string that was signed.
- protected[lang] def finalize(): Unit (Definition Classes: AnyRef; Annotations: @throws( classOf[java.lang.Throwable] ))
- def generateToken[M[_]](implicit F: Sync[M]): M[CSRFToken]
  Generate a new random, signed token.
- final def getClass(): Class[_] (Definition Classes: AnyRef → Any; Annotations: @native())
- def getHeaderToken(r: Request[G]): Option[String]
- def hashCode(): Int (Definition Classes: AnyRef → Any; Annotations: @native())
- final def isInstanceOf[T0]: Boolean (Definition Classes: Any)
- final def ne(arg0: AnyRef): Boolean (Definition Classes: AnyRef)
- final def notify(): Unit (Definition Classes: AnyRef; Annotations: @native())
- final def notifyAll(): Unit (Definition Classes: AnyRef; Annotations: @native())
- def onfailureF: F[Response[G]]
- def refreshOrCreate[M[_]](r: Request[G])(implicit F: Sync[M]): EitherT[M, CSRFCheckFailed, CSRFToken]
  Extract a CSRFToken, if present, from the request, then try to generate a new token signature, or fail with a validation error. If no token is present, generate a new one.
  Returns: the newly refreshed (or newly created) token
- def refreshedToken[M[_]](r: Request[G])(implicit F: Sync[M]): EitherT[M, CSRFCheckFailed, CSRFToken]
  Extract a CSRFToken, if present, from the request, then try to generate a new token signature, or fail with a validation error.
  Returns: the newly refreshed token
- def signToken[M[_]](rawToken: String)(implicit F: Sync[M]): M[CSRFToken]
  Sign our token, using the current time in milliseconds as a nonce. Signing and generating a token is potentially an unsafe operation if the middleware was constructed with a bad key.
- final def synchronized[T0](arg0: ⇒ T0): T0 (Definition Classes: AnyRef)
- def toString(): String (Definition Classes: AnyRef → Any)
- def validate(predicate: (Request[G]) ⇒ Boolean = _.method.isSafe): Middleware[F, Request[G], Response[G], Request[G], Response[G]]
  Constructs a middleware that checks for the CSRF token's presence in both the proper cookie and the header values whenever the predicate is not satisfied (by default, for every unsafe method). If the token is valid, a new one is then embedded, effectively randomizing the complete token while avoiding the generation of a new secure random Id, to guard against BREACH (http://breachattack.com/).
- final def wait(): Unit (Definition Classes: AnyRef; Annotations: @throws( ... ))
- final def wait(arg0: Long, arg1: Int): Unit (Definition Classes: AnyRef; Annotations: @throws( ... ))
- final def wait(arg0: Long): Unit (Definition Classes: AnyRef; Annotations: @throws( ... ) @native())