Set the cookie httpOnly attribute. When set to false, the CSRF handler behaves in Double Submit Cookie mode; when set to true, it operates in Cookie-to-header mode.
For more information, see https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie
Set the cookie name. By default XSRF-TOKEN is used, as that is the name AngularJS expects; other frameworks may use other names.
Set the cookie path. By default / is used.
Set the cookie secure flag. When set, this flag instructs browsers to only send the cookie over HTTPS.
Set the header name. By default X-XSRF-TOKEN is used, as that is the name AngularJS expects; other frameworks may use other names.
Should the handler emit warning messages if it is used over a protocol other than HTTPS?
Set the origin for this server. When this value is set, extra validation occurs: the request must match the origin server's host, port and protocol.
Set the timeout for tokens generated by the handler. By default it uses the session handler's default.
Instantiate a new CSRFHandlerImpl with a secret:
CSRFHandler.create("s3cr37")
This handler adds a CSRF token to requests which mutate state. In order to change state, a cookie (XSRF-TOKEN) is set with a unique token that is expected to be sent back in a header (X-XSRF-TOKEN).
The handler checks the request body, header and cookie for validity.
This handler requires session support, so it should be added somewhere below the Session and Body handlers.