public class CsrfSecurityFilter extends AbstractMgnlFilter
This filter passes if:
To provide flexibility, two of the key checks are performed with voters in the filter's bypasses node. The default bypasses configured are:
To add more bypasses (i.e. to 'white-list' specific referrer domains or URIs) use, for example:
Constructor and Description |
---|
CsrfSecurityFilter() |
Modifier and Type | Method and Description |
---|---|
void | doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) |
protected void | handlePossibleCsrf(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String url) Actions to take when a CSRF attack is detected. |
acceptsEncoding, acceptsGzipEncoding, addAndVerifyHeader, addBypass, addMapping, bypasses, destroy, doFilter, getBypasses, getDispatching, getMapping, getMappings, getName, headerContains, init, isEnabled, mapsTo, matches, matchesDispatching, setBypasses, setDispatching, setEnabled, setMappings, setName
public static final String REFERRER
public void doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter in class AbstractMgnlFilter
IOException
javax.servlet.ServletException
protected void handlePossibleCsrf(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String url)
HttpServletResponse.SC_BAD_REQUEST.
Copyright © 2003–2016 Magnolia International Ltd. All rights reserved.