Package eu.rarogsoftware.rarog.platform.api.plugins.web.servlets

Interface CsrfProtectionAware

All Known Implementing Classes:

OverridingServlet

public interface CsrfProtectionAware

Extension for HttpServlet defined with PluginServletMappingDescriptor, that allows to disable build-in CSRF protection. It is usually helpful when CSRF protection is unwanted or servlet defines its own CSRF protection. It supports the same design as PluginServletMappingDescriptor, with overriding and passing through. If servlet doesn't implement CsrfProtectionAware or shouldDisableCsrfProtection(HttpServletRequest) (HttpServletRequest)} returns Optional.empty(), then control is passed to the next servlet.

Method Summary

Modifier and Type	Method	Description
Optional<Boolean>	shouldDisableCsrfProtection(jakarta.servlet.http.HttpServletRequest request)

Method Details

shouldDisableCsrfProtection

Optional<Boolean> shouldDisableCsrfProtection(jakarta.servlet.http.HttpServletRequest request)

Parameters:

request - request for which decision is taken

Returns:

CSRF protection decision if servlet supports request and want to decide if it supports or not CSRF protection or empty optional if servlet do not support request.