CSRFConfig

A configuration for the io.ktor.server.plugins.csrf.CSRF plugin.

Constructors

constructor()

Functions

fun allowOrigin(origin: String)

All incoming requests must have an "Origin" header matching one of the hosts defined using this method.

fun checkHeader(header: String, predicate: ApplicationCall.(String) -> Boolean = { true })

Checks if the given header is present on each call to the server, and if its value conforms to the optional predicate. If conditions already exist for the header, they must all be satisfied.

fun onFailure(handleFailure: suspend ApplicationCall.(String) -> Unit)

Handle CSRF error conditions. By default, a 400 response is returned with a string response containing the error. As with any security-related error, it is advised to log the problem and return some generic response.


Checks if the "Origin" header has the same host as submitted in the "Host" header. This avoids needing to configure the expected host name where your application is deployed but will not work when it is deployed behind a proxy.
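The following is an added example, not code from the Ktor project, showing the functions above combined in one install block. The origin value, the header name X-CSRF-Token, the cookie name csrf_token and the function name configureCsrf are assumptions made for illustration.

```kotlin
import io.ktor.http.*
import io.ktor.server.application.*
import io.ktor.server.plugins.csrf.*
import io.ktor.server.response.*

// Hypothetical module function; call it from your Application module.
fun Application.configureCsrf() {
    install(CSRF) {
        // Only requests whose Origin header matches this value are accepted.
        // Constructed value: replace with the origin your front end is served from.
        allowOrigin("https://app.example.test")

        // originMatchesHost() is left out on purpose: this sample assumes a
        // deployment behind a reverse proxy, where the Origin/Host comparison
        // does not work.

        // First condition on the header: it must be present and non-blank.
        checkHeader("X-CSRF-Token") { token -> token.isNotBlank() }

        // Second condition on the same header. Conditions accumulate, so both
        // predicates must pass. The receiver is the ApplicationCall, which lets
        // the predicate compare the header with other request data; here an
        // assumed csrf_token cookie set by the application.
        checkHeader("X-CSRF-Token") { token ->
            token == request.cookies["csrf_token"]
        }

        // Replace the default 400 response that echoes the error text:
        // record the detailed reason server-side, send the client a generic body.
        onFailure { reason ->
            application.log.warn("CSRF check failed: $reason")
            respondText("Bad request", status = HttpStatusCode.BadRequest)
        }
    }
}
```

Keeping the detailed reason in the server log while returning a fixed body follows the advice given for onFailure: the client learns only that the request was rejected, not which check failed.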