Package io.quarkus.vertx.http.security

Interface CSRF.Builder

Enclosing interface:
CSRF
public static interface CSRF.Builder
The Quarkus CSRF prevention configuration builder.

  • Method Details

    • formFieldName

      CSRF.Builder formFieldName(String formFieldName)
      Form field name which keeps a CSRF token. The default field name is "csrf-token".
      Parameters:
      formFieldName - form field name
      Returns:
      this builder

    • tokenHeaderName

      CSRF.Builder tokenHeaderName(String tokenHeaderName)
      The token header name which can provide a CSRF token. The default name is "X-CSRF-TOKEN".
      Parameters:
      tokenHeaderName - the CSRF token header name
      Returns:
      this builder

    • cookieName

      CSRF.Builder cookieName(String cookieName)
      The CSRF cookie name. The default name is "csrf-token".
      Parameters:
      cookieName - the CSRF cookie name
      Returns:
      this builder

    • cookieMaxAge

      CSRF.Builder cookieMaxAge(Duration cookieMaxAge)
      The CSRF cookie max age. The default max age are 2 hours.
      Parameters:
      cookieMaxAge - the CSRF cookie max age
      Returns:
      this builder

    • cookiePath

      CSRF.Builder cookiePath(String cookiePath)
      The CSRF cookie path. The default path is "/".
      Parameters:
      cookiePath - the CSRF cookie path
      Returns:
      this builder

    • cookieDomain

      CSRF.Builder cookieDomain(String cookieDomain)
      The CSRF cookie domain.
      Parameters:
      cookieDomain - the CSRF cookie domain
      Returns:
      this builder

    • cookieForceSecure

      CSRF.Builder cookieForceSecure()
      Set the 'secure' parameter on the CSRF cookie to 'true' when the HTTP protocol is used. The cookie will always be secure if the HTTPS protocol is used, even if this method is not called.
      Returns:
      this builder

    • cookieHttpOnly

      CSRF.Builder cookieHttpOnly(boolean cookieHttpOnly)
      Set the HttpOnly attribute to prevent access to the cookie via JavaScript. The HttpOnly attribute is set by default.
      Parameters:
      cookieHttpOnly - if the HttpOnly attribute should be set
      Returns:
      this builder

    • createTokenPath

      CSRF.Builder createTokenPath(String createTokenPath)
      This method is a shortcut for createTokenPath(Set.of(createTokenPath)).
      Returns:
      this builder
      See Also:

    • createTokenPath

      CSRF.Builder createTokenPath(Set<String> createTokenPath)
      Create CSRF token only if the HTTP GET relative request path matches one of configured paths.
      Parameters:
      createTokenPath - list of the HTTP GET requests paths for which Quarkus should create a token
      Returns:
      this builder

    • tokenSize

      CSRF.Builder tokenSize(int tokenSize)
      Random CSRF token size in bytes. The default size in bytes is 16.
      Parameters:
      tokenSize - the token size in bytes
      Returns:
      this builder

    • tokenSignatureKey

      CSRF.Builder tokenSignatureKey(String tokenSignatureKey)
      The CSRF token signature key.
      Parameters:
      tokenSignatureKey - the CSRF token signature key
      Returns:
      this builder

    • requireFormUrlEncoded

      CSRF.Builder requireFormUrlEncoded(boolean requireFormUrlEncoded)
      Require that only 'application/x-www-form-urlencoded' or 'multipart/form-data' body is accepted for the token verification to proceed. Required by default.
      Parameters:
      requireFormUrlEncoded - if only 'application/x-www-form-urlencoded' or 'multipart/form-data' body is allowed
      Returns:
      this builder

    • build

      CSRF build()
      Create a new CSRF configuration.
      Returns:
      CSRF instance, which should be passed to the HttpSecurity event