org.apache.jackrabbit.webdav.util
Class CSRFUtil
java.lang.Object
org.apache.jackrabbit.webdav.util.CSRFUtil
public class CSRFUtil
- extends Object
CSRFUtil
...
Constructor Summary |
CSRFUtil(String config)
Creates a new instance from the specified configuration, which defines
the behaviour of the referrer based CSRF protection as follows:
If config is null or empty string the default
behaviour is to allow only requests with an empty referrer header or a
referrer host equal to the server host
A comma separated list of additional allowed referrer hosts which are
valid in addition to default behaviour (see above).
The value DISABLED may be used to disable the referrer checking altogether
|
Method Summary |
boolean |
isValidRequest(javax.servlet.http.HttpServletRequest request)
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DISABLED
public static final String DISABLED
- Constant used to
- See Also:
- Constant Field Values
CSRFUtil
public CSRFUtil(String config)
- Creates a new instance from the specified configuration, which defines
the behaviour of the referrer based CSRF protection as follows:
- If config is
null
or empty string the default
behaviour is to allow only requests with an empty referrer header or a
referrer host equal to the server host
- A comma separated list of additional allowed referrer hosts which are
valid in addition to default behaviour (see above).
- The value
DISABLED
may be used to disable the referrer checking altogether
- Parameters:
config
- The configuration value which may be any of the following:
null
or empty string for the default behaviour, which
only allows requests with an empty referrer header or a
referrer host equal to the server host
- A comma separated list of additional allowed referrer hosts which are
valid in addition to default behaviour (see above).
DISABLED
in order to disable the referrer checking altogether
isValidRequest
public boolean isValidRequest(javax.servlet.http.HttpServletRequest request)
throws MalformedURLException
- Throws:
MalformedURLException
Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.