ktor-server-csrf/io.ktor.server.plugins.csrf/CSRFConfig

CSRFConfig

class CSRFConfig

A configuration for the io.ktor.server.plugins.csrf.CSRF plugin.

Report a problem

Constructors

CSRFConfig

constructor()

Functions

allowOrigin

fun allowOrigin(origin: String)

All incoming requests must have an "Origin" header matching one of the hosts defined using this method.

checkHeader

fun checkHeader(header: String, predicate: ApplicationCall.(String) -> Boolean = { true })

Checks if the given header is present on each call to the server, and if its value conforms to the optional predicate. If conditions already exist for the header, they must all be satisfied.

onFailure

fun onFailure(handleFailure: suspend ApplicationCall.(String) -> Unit)

Handle CSRF error conditions. By default, a 400 response is returned with a string response containing the error. As with any security-related error, it is advised to log the problem and return some generic response.

originMatchesHost

fun originMatchesHost()

Checks if the "Origin" header has the same host as submitted in the "Host" header. This avoids needing to configure the expected host name where your application is deployed but will not work when it is deployed behind a proxy.