
CSRF Utility methods.

Helper methods for reading the CSRF token information served by Spring Security.

The methods herein assume a certain HTML structure, which is most easily achieved by including markup like the following in your base HTML file:

Hierarchy

  • CsrfUtil

Index

Constructors

constructor

Methods

Static getContentFromMetaTagByName

  • getContentFromMetaTagByName(name: string): string
  • Finds the meta tag in the current document by the given name and returns its content.

    Parameters

    • name: string

      Description

    Returns string

    Description

Static getCsrfHeaderName

  • getCsrfHeaderName(): string
  • Get the CSRF token key. This can be used if you want to send CSRF tokens as a header. If you want to send the token as a form parameter, use the method #getCsrfParameterName instead.

    In order for this method to produce reliable output, your base HTML page should contain a <meta>-tag in the <head> with name _csrf_header. The content attribute is best filled from Spring by using this variable: ${_csrf.headerName}.

    Returns string

    • the key string, e.g. "X-CSRF-TOKEN" or the empty string if the meta tag cannot be found.

Static getCsrfParameterName

  • getCsrfParameterName(): string
  • Get the name of the parameter to send when you want to pass CSRF tokens via a form. Alternatively, you can use #getCsrfHeaderName to get the name of the header to send for CSRF protection.

    In order for this method to produce reliable output, your base HTML page should contain a <meta>-tag in the <head> with name _csrf_parameter_name. The content attribute is best filled from Spring by using this variable: ${_csrf.parameterName}.

    Returns string

    The name of the parameter to send when sending CSRF tokens via forms, e.g. "_csrf" or the empty string if the meta tag cannot be found.

Static getCsrfValue

  • getCsrfValue(): string
  • Get the CSRF token value.

    In order for this method to produce reliable output, your base HTML page should contain a <meta>-tag in the <head> with name _csrf. The content attribute is best filled from Spring by using this variable: ${_csrf.token}.

    Returns string

    • the key value, e.g. "741a3b1-221f-4d1d-..." or the empty string if the meta tag cannot be found.

Static getCsrfValueFromCookie

  • getCsrfValueFromCookie(): string
  • Get the CSRF token value from the XSRF-TOKEN cookie. Alternative to the getCsrfValue method.

    When using Spring Security, a CookieCsrfTokenRepository has to be configured to persist the CSRF token.

    Returns string

    • the key value, e.g. "741a3b1-221f-4d1d-..." or an empty string if the XSRF-TOKEN cookie cannot be found.

Static getHeader

  • getHeader(): Headers
  • Get the full CSRF token header object. Can directly be used in fetch, e.g. in the following way:

    let csrfHeader = CsrfUtil.getHeader();

    fetch(targetUrl, { method: 'POST', headers: csrfHeader })

    Returns Headers

    header - the header containing the CSRF key and value or an empty object if any of the required meta fields cannot be found.

Static getHeaderObject

  • getHeaderObject(): object
  • Returns a simple object containing the CSRF header name as key and the CSRF value as field value.

    Returns object

    Simple object containing the CSRF key and value or an empty object if any of the required meta fields cannot be found.
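
The methods above return an empty string or an empty object when the meta tag or cookie is missing, so a caller that passes the result straight to fetch sends the request without a token. The following added example (not CsrfUtil's own code) shows a caller-side check for that case and keeps the token off cross-origin requests; readCsrfCookie, csrfHeadersFor and the app.example / other.example origins are hypothetical, and the sample cookie string is constructed.

```javascript
// Added example, not CsrfUtil's source. readCsrfCookie and csrfHeadersFor are
// hypothetical helpers; the cookie and header names are the ones on this page.

// Extract the token from a document.cookie-style string.
function readCsrfCookie(cookieString, cookieName = 'XSRF-TOKEN') {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === cookieName) {
      try {
        return decodeURIComponent(part.slice(eq + 1).trim());
      } catch {
        return ''; // malformed percent-encoding: treat as missing
      }
    }
  }
  return ''; // same "not found" convention as the documented methods
}

// Build headers for a state-changing request. Throws rather than letting a
// same-origin request go out without a token, and never attaches the token
// to a URL on another origin.
function csrfHeadersFor(targetUrl, pageOrigin, headerName, token) {
  const target = new URL(targetUrl, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    return {}; // the token stays with the origin that issued it
  }
  if (!headerName || !token) {
    throw new Error('CSRF header name or token missing; check the meta tags or cookie');
  }
  return { [headerName]: token };
}

// Constructed sample input standing in for document.cookie and location.origin.
const sampleCookies = 'theme=dark; XSRF-TOKEN=constructed-token-123; lang=en';
const sampleToken = readCsrfCookie(sampleCookies);
console.log(csrfHeadersFor('/api/items', 'https://app.example', 'X-CSRF-TOKEN', sampleToken));
console.log(csrfHeadersFor('https://other.example/x', 'https://app.example', 'X-CSRF-TOKEN', sampleToken));
```

In a browser, pass document.cookie and window.location.origin, and take the header name from CsrfUtil.getCsrfHeaderName().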
