Methods
(static) getContentFromMetaTagByName(name) → {type}
Parameters:
Name | Type | Description |
---|---|---|
name |
type | Description |
- Source:
Returns:
Description
- Type
- type
(static) getCsrfHeaderName() → {String}
Get the CSRF token key. This can be used if you want to send CSRF tokens as header. If you want to send it using a form parameter, use the method #getParamName instead.
In order for this method to produce reliable output, your base HTML
page should contain a <meta>
-tag in the <head>
with name
_csrf_header
. The content
attribute is best filled from Spring by
using this variable: ${_csrf.headerName}
.
- Source:
Returns:
- the key string, e.g. "X-CSRF-TOKEN" ort the empty string if the meta tag cannot be found.
- Type
- String
(static) getCsrfParameterName() → {String}
Get the name of the parameter to send when you want to pass CSRF tokens via a form. Alternatively you can use #getKey to get the name of the header to send for CSRF-protection.
In order for this method to produce reliable output, your base HTML
page should contain a <meta>
-tag in the <head>
with name
_csrf_parameter_name
. The content
attribute is best filled from
Spring by using this variable: ${_csrf.parameterName}
.
- Source:
Returns:
The name of the parameter to send when sending CSRF tokens via forms, e.g. "_csrf" or the empty string if the meta tag cannot be found.
- Type
- String
(static) getCsrfValue() → {String}
Get the CSRF token value.
In order for this method to produce reliable output, your base HTML
page should contain a <meta>
-tag in the <head>
with name
_csrf
. The content
attribute is best filled from Spring by
using this variable: ${_csrf.token}
.
- Source:
Returns:
- the key value, e.g. "741a3b1-221f-4d1d-..." or the empty string if the meta tag cannot be found.
- Type
- String
(static) getHeader() → {Header}
Get the full CSRF token header object. Can directly be used in fetch, e.g. in the following way:
let csrfHeader = CsrfUtil.getHeader();
fetch(targetUrl, { method: 'POST', headers: csrfHeader })
- Source:
Returns:
header - the header containing the CSRF key and value or an empty object if any of the required meta fields cannot be found.
- Type
- Header
(static) getHeaderObject() → {Object}
Returns a simple object containing CSRF header name as key and CSRF value as field value
- Source:
Returns:
Simple object containing the CSRF key and value or an empty object if any of the required meta fields cannot be found.
- Type
- Object