CSRFUtil (The Adobe AEM Quickstart and Web Application.)

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.apache.jackrabbit.webdav.util.CSRFUtil

public class CSRFUtil
extends java.lang.Object

CSRFUtil...

Field Summary

Fields
Modifier and Type	Field and Description
`static java.util.Set<java.lang.String>`	`CONTENT_TYPES` Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
`static java.lang.String`	`DISABLED` Constant used to

Constructor Summary

Constructors
Constructor and Description
`CSRFUtil(java.lang.String config)` Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows: If config is `null` or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above). The value `DISABLED` may be used to disable the referrer checking altogether

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type Method and Description

boolean isValidRequest(HttpServletRequest request)
- Methods inherited from class java.lang.Object
  equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - DISABLED
```
public static final java.lang.String DISABLED
```
    Constant used to
    
    See Also:
    
    Constant Field Values
  - CONTENT_TYPES
```
public static final java.util.Set<java.lang.String> CONTENT_TYPES
```
    Request content types for CSRF checking, see JCR-3909, JCR-4002, and JCR-4009
- Constructor Detail
  - CSRFUtil
```
public CSRFUtil(java.lang.String config)
```
    Creates a new instance from the specified configuration, which defines the behaviour of the referrer based CSRF protection as follows:
    1. If config is null or empty string the default behaviour is to allow only requests with an empty referrer header or a referrer host equal to the server host
    2. A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
    3. The value DISABLED may be used to disable the referrer checking altogether
    Parameters:
    config - The configuration value which may be any of the following:
    
    null or empty string for the default behaviour, which only allows requests with an empty referrer header or a referrer host equal to the server host
    
    A comma separated list of additional allowed referrer hosts which are valid in addition to default behaviour (see above).
    
    DISABLED in order to disable the referrer checking altogether
- Method Detail
  - isValidRequest
```
public boolean isValidRequest(HttpServletRequest request)
```

Skip navigation links

Prev Class
Next Class

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2010 - 2020 Adobe. All Rights Reserved