public class CSRFUtil
extends java.lang.Object
CSRFUtil
...Modifier and Type | Field and Description |
---|---|
static java.util.Set<java.lang.String> |
CONTENT_TYPES
Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
|
static java.lang.String |
DISABLED
Constant used to
|
Constructor and Description |
---|
CSRFUtil(java.lang.String config)
Creates a new instance from the specified configuration, which defines
the behaviour of the referrer based CSRF protection as follows:
If config is
null or empty string the default
behaviour is to allow only requests with an empty referrer header or a
referrer host equal to the server host
A comma separated list of additional allowed referrer hosts which are
valid in addition to default behaviour (see above).
The value DISABLED may be used to disable the referrer checking altogether
|
Modifier and Type | Method and Description |
---|---|
boolean |
isValidRequest(HttpServletRequest request) |
public static final java.lang.String DISABLED
public static final java.util.Set<java.lang.String> CONTENT_TYPES
public CSRFUtil(java.lang.String config)
null
or empty string the default
behaviour is to allow only requests with an empty referrer header or a
referrer host equal to the server hostDISABLED
may be used to disable the referrer checking altogetherconfig
- The configuration value which may be any of the following:
null
or empty string for the default behaviour, which
only allows requests with an empty referrer header or a
referrer host equal to the server hostDISABLED
in order to disable the referrer checking altogether"Copyright © 2010 - 2020 Adobe Systems Incorporated. All Rights Reserved"