Description

Provides CSRF protection via session-based tokens. This middleware adds a CSRF token to the session. Each PATCH, POST, PUT, or DELETE request must contain the token, either in the request data or in the X-CSRF-Token header. This follows the "synchronizer token" pattern. If the token is missing from the request or does not match the session data, an InvalidCsrfTokenException will be raised.

This middleware integrates with the FormHelper automatically: when the two are used together, CSRF tokens are added to your forms whenever `this.Form.create(...)` is used in a view.

If you use this middleware, *do not* also use CsrfProtectionMiddleware.
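The synchronizer-token check described above, as an added Python example (not the middleware's own code). The 32-byte token size, the XOR-mask salting scheme, the rejection of unsalted tokens, and the snake_case function names (modelled on the methods listed below) are assumptions; plain dicts stand in for the session, request data, and headers.

```python
import base64
import hmac
import secrets

TOKEN_BYTES = 32                      # assumed token size
PROTECTED = {"PATCH", "POST", "PUT", "DELETE"}

class InvalidCsrfToken(Exception):
    """Stand-in for the InvalidCsrfTokenException named above."""

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def create_token() -> str:
    # Unpredictable per-session secret, kept server-side in the session.
    return base64.b64encode(secrets.token_bytes(TOKEN_BYTES)).decode()

def salt_token(token: str) -> str:
    # Assumed scheme: mask with a fresh random salt so every rendered form
    # carries a different string for the same session token.
    raw = base64.b64decode(token)
    salt = secrets.token_bytes(len(raw))
    return base64.b64encode(_xor(raw, salt) + salt).decode()

def unsalt_token(salted: str) -> str:
    try:
        raw = base64.b64decode(salted, validate=True)
    except ValueError:                # bad base64 or non-ASCII input
        raise InvalidCsrfToken("malformed CSRF token") from None
    if len(raw) != 2 * TOKEN_BYTES:
        raise InvalidCsrfToken("malformed CSRF token")
    return base64.b64encode(_xor(raw[:TOKEN_BYTES], raw[TOKEN_BYTES:])).decode()

def validate_token(method, session, data, headers, key="csrfToken"):
    if method.upper() not in PROTECTED:
        return                        # safe methods are not checked
    expected = session.get(key)
    submitted = data.get(key) or headers.get("X-CSRF-Token")
    if not expected or not isinstance(submitted, str):
        raise InvalidCsrfToken("missing CSRF token")
    # Constant-time comparison against the session copy.
    if not hmac.compare_digest(unsalt_token(submitted), expected):
        raise InvalidCsrfToken("CSRF token mismatch")
```
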

Properties

Methods

| Inherited | Abstract | Final | Static | Datatype | Header |
|---|---|---|---|---|---|
| | | | | `string` | `string saltToken(string tokenToSalt)` |
| | | | | `IServerRequest` | `IServerRequest unsetTokenField(IServerRequest serverRequest)` |
| | | | | `DServerRequest` | `DServerRequest replaceToken(ServerRequest serverRequest, string key = "csrfToken")` |
| | | | | | `this(Json[string] configData = null)` |
| | | | | `void` | `void validateToken(IServerRequest serverRequest, DSession session)` |
| | | | | `string` | `string unsaltToken(string atoken)` |
| | | | | `string` | `string createToken()` |
| | | | | `IResponse` | `IResponse process(IServerRequest serverRequest, IRequestHandler requestHandler)` |