Class: CsrfUtil

CsrfUtil()

CSRF Utility methods.

Methods to access the CSRF token information served by Spring Security.

The methods herein assume a certain HTML structure, which is most easily achieved by including markup like the following in your base HTML file:

Constructor

new CsrfUtil()


Methods

(static) getContentFromMetaTagByName(name) → {type}

Parameters:
Name Type Description
name type

Description

Returns:

Description

Type
type

(static) getCsrfHeaderName() → {String}

Get the CSRF token key, i.e. the name of the header to use if you want to send the CSRF token as a header. If you want to send it using a form parameter, use the method #getCsrfParameterName instead.

In order for this method to produce reliable output, your base HTML page should contain a <meta>-tag in the <head> with name _csrf_header. The content attribute is best filled from Spring by using this variable: ${_csrf.headerName}.

Returns:
  • the key string, e.g. "X-CSRF-TOKEN", or the empty string if the meta tag cannot be found.
Type
String

(static) getCsrfParameterName() → {String}

Get the name of the parameter to send when you want to pass CSRF tokens via a form. Alternatively, you can use #getCsrfHeaderName to get the name of the header to send for CSRF protection.

In order for this method to produce reliable output, your base HTML page should contain a <meta>-tag in the <head> with name _csrf_parameter_name. The content attribute is best filled from Spring by using this variable: ${_csrf.parameterName}.

Returns:

The name of the parameter to send when sending CSRF tokens via forms, e.g. "_csrf", or the empty string if the meta tag cannot be found.

Type
String

(static) getCsrfValue() → {String}

Get the CSRF token value.

In order for this method to produce reliable output, your base HTML page should contain a <meta>-tag in the <head> with name _csrf. The content attribute is best filled from Spring by using this variable: ${_csrf.token}.

Returns:
  • the token value, e.g. "741a3b1-221f-4d1d-...", or the empty string if the meta tag cannot be found.
Type
String

(static) getHeader() → {Header}

Get the full CSRF token header object. Can directly be used in fetch, e.g. in the following way:

let csrfHeader = CsrfUtil.getHeader();

fetch(targetUrl, { method: 'POST', headers: csrfHeader })

Returns:

header - the header containing the CSRF key and value or an empty object if any of the required meta fields cannot be found.

Type
Header

(static) getHeaderObject() → {Object}

Returns a simple object containing the CSRF header name as key and the CSRF value as field value.

Returns:

Simple object containing the CSRF key and value or an empty object if any of the required meta fields cannot be found.

Type
Object
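
The contract the methods above describe (values read from three meta tags, empty results when a tag is missing), shown as an added example that is not CsrfUtil's own source. The names metaContent, csrfHeaderObject, csrfFetchOptions and fakeDocument are hypothetical; fakeDocument is a constructed stand-in for the browser's document so the code also runs outside a browser.

```javascript
/*
 * Markup assumed in the <head> of the base HTML page (Spring fills the values):
 *   <meta name="_csrf" content="${_csrf.token}">
 *   <meta name="_csrf_header" content="${_csrf.headerName}">
 *   <meta name="_csrf_parameter_name" content="${_csrf.parameterName}">
 */

// Read one meta tag's content attribute; '' when the tag is missing.
function metaContent(doc, name) {
  const el = doc.querySelector(`meta[name="${name}"]`);
  return el ? (el.getAttribute('content') || '') : '';
}

// Mirrors the documented getHeaderObject() contract: {} unless both fields exist.
function csrfHeaderObject(doc) {
  const name = metaContent(doc, '_csrf_header');
  const value = metaContent(doc, '_csrf');
  return name && value ? { [name]: value } : {};
}

// fetch() options for a state-changing request. An empty header object would
// send the request without a token, so fail early with a clear error instead
// of sending a request the server's CSRF check will reject.
function csrfFetchOptions(doc, method, body) {
  const headers = csrfHeaderObject(doc);
  if (Object.keys(headers).length === 0) {
    throw new Error('CSRF meta tags missing: refusing to send ' + method);
  }
  return { method, body, headers };
}

// Constructed stand-in for `document`; supports only meta[name="..."] lookups.
function fakeDocument(metas) {
  return {
    querySelector(selector) {
      const m = /^meta\[name="([^"]+)"\]$/.exec(selector);
      const name = m ? m[1] : null;
      const found = name !== null && Object.prototype.hasOwnProperty.call(metas, name);
      return found ? { getAttribute: () => metas[name] } : null;
    },
  };
}

// Constructed sample pages: one complete, one missing the _csrf_header tag.
const okDoc = fakeDocument({ _csrf: 'constructed-token-123', _csrf_header: 'X-CSRF-TOKEN' });
const brokenDoc = fakeDocument({ _csrf: 'constructed-token-123' });
console.log(csrfFetchOptions(okDoc, 'POST', '{}').headers);
```

In a browser, pass document instead of okDoc and hand the returned options to fetch.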