- <init>
- isChecked
Override to limit whether the request to the specific page should be checked for
a possible CSRF att
- abortHandler
Handles the case where an Origin HTTP header was not present or did not match
the request origin, an
- addAcceptedOrigin
Adds an origin (host name/domain name) to the white list. An origin is in the
form of .<
- allowHandler
Handles the case where an Origin HTTP header was not present or did not match
the request origin, an
- checkRequest
Performs the check of the Origin or Referer header that is targeted at the page.
- getSourceUri
Resolves the source URI from the request headers ( Origin or Referer).
- getTargetUriFromRequest
Creates a RFC-6454 comparable URI from the request requested resource.
- isEnabled
Dynamic override for enabling/disabling the CSRF detection. Might be handy for
specific tenants in a
- isLocalOrigin
Checks whether the Origin HTTP header of the request matches where the request
came from.
- isWhitelistedHost
Checks whether the domain part of the sourceUri ( Origin or Refererheader) is
whitelisted.
- matchingOrigin
Handles the case where an origin was checked and matched the request origin.
Default action is to al