Class XSRFGate
java.lang.Object
com.zfabrik.util.microweb.actions.XSRFGate
- All Implemented Interfaces:
IAction
To block Cross-Site Request Forgery (XSRF) attacks, we require that
a request provide the current session id as a parameter named
jsessionid.
This prevents attackers who send GETs or POSTs from a foreign domain
from invoking an action.
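An added example (not the XSRFGate source) of the check described above, written against a plain parameter map so it runs without a servlet container. The class name SessionParamGate, the check signature and all sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

/** Hypothetical stand-in for the gate's check; not the library's implementation. */
public class SessionParamGate {
    static final String PARAM = "jsessionid"; // parameter name taken from the page

    /**
     * @param sessionId id of the caller's current session, or null if there is none
     * @param params    request parameters, shaped like ServletRequest.getParameterMap()
     * @return true only if exactly one jsessionid value is present and equals the session id
     */
    static boolean check(String sessionId, Map<String, String[]> params) {
        if (sessionId == null || sessionId.isEmpty()) {
            return false; // no session: nothing to compare against
        }
        String[] values = params.get(PARAM);
        if (values == null || values.length != 1 || values[0] == null) {
            return false; // missing or duplicated parameter is rejected
        }
        // Constant-time comparison, so response timing does not reveal a matching prefix.
        return MessageDigest.isEqual(
                sessionId.getBytes(StandardCharsets.UTF_8),
                values[0].getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String session = "A1B2C3D4E5F6"; // constructed sample session id
        // Form rendered by the application itself: the session id was embedded in it.
        Map<String, String[]> own = Map.of(
                "action", new String[] {"delete"},
                PARAM, new String[] {session});
        // Forged cross-site request: the browser attaches the session cookie,
        // but the foreign page cannot read it and so cannot supply the parameter.
        Map<String, String[]> forged = Map.of("action", new String[] {"delete"});
        Map<String, String[]> guessed = Map.of(
                "action", new String[] {"delete"},
                PARAM, new String[] {"0000"});
        Map<String, String[]> duplicated = Map.of(
                PARAM, new String[] {"0000", session});

        System.out.println("own form:        " + check(session, own));
        System.out.println("forged, no param: " + check(session, forged));
        System.out.println("guessed value:   " + check(session, guessed));
        System.out.println("duplicated param: " + check(session, duplicated));
        System.out.println("no session:      " + check(null, own));
    }
}
```

Sending the parameter in a POST body rather than the query string keeps the session id out of access logs and Referer headers.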
Field Details
XSRF_COOKIES
XSRF_PASSKEY
- See Also:
Constructor Details
XSRFGate
Method Details
handle
public OutCome handle(jakarta.servlet.ServletContext context, jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) throws jakarta.servlet.ServletException, IOException
- Specified by:
handle in interface IAction
- Throws:
jakarta.servlet.ServletException
IOException
check