cutelyst 5.0.0
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.
csrfprotection.h
1/*
2 * SPDX-FileCopyrightText: (C) 2017-2022 Matthias Fehring <mf@huessenbergnetz.de>
3 * SPDX-License-Identifier: BSD-3-Clause
4 */
5
6#ifndef CSRFPROTECTION_H
7#define CSRFPROTECTION_H
8
9#include <Cutelyst/Plugin>
10#include <Cutelyst/Plugins/csrfprotection_export.h>
11
12namespace Cutelyst {
13
14class Context;
15class CSRFProtectionPrivate;
16
233class CUTELYST_PLUGIN_CSRFPROTECTION_EXPORT CSRFProtection
234 : public Plugin // clazy:exclude=ctor-missing-parent-argument
235{
236 Q_OBJECT
237 Q_DECLARE_PRIVATE(CSRFProtection) // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
238 Q_DISABLE_COPY(CSRFProtection)
239public:
243 CSRFProtection(Application *parent);
244
251 CSRFProtection(Application *parent, const QVariantMap &defaultConfig);
252
256 ~CSRFProtection() override;
257
264 void setDefaultDetachTo(const QString &actionNameOrPath);
265
271 void setFormFieldName(const QByteArray &fieldName);
272
280 static QByteArray formFieldName() noexcept;
281
286 void setErrorMsgStashKey(const QString &keyName);
287
293 void setIgnoredNamespaces(const QStringList &namespaces);
294
302 void setUseSessions(bool useSessions);
303
320 void setCookieHttpOnly(bool httpOnly);
321
327 void setCookieName(const QByteArray &cookieName);
328
333 void setHeaderName(const QByteArray &headerName);
334
341 void setGenericErrorMessage(const QString &message);
342
349 void setGenericErrorContentType(const QByteArray &type);
350
357 static QByteArray getToken(Context *c);
358
370 static QString getTokenFormField(Context *c);
371
379 static bool checkPassed(Context *c);
380
381protected:
382 bool setup(Application *app) override;
383
384private:
385 const std::unique_ptr<CSRFProtectionPrivate> d_ptr;
386};
387
388} // namespace Cutelyst
389
390#endif // CSRFPROTECTION_H
Cutelyst::Application
The Cutelyst application.
Definition application.h:66
Cutelyst::CSRFProtection
Protect input forms against Cross Site Request Forgery (CSRF/XSRF) attacks.
Definition csrfprotection.h:235
Cutelyst::Context
The Cutelyst Context.
Definition context.h:42
Cutelyst::Plugin
Base class for Cutelyst Plugins.
Definition plugin.h:25
Cutelyst
The Cutelyst namespace holds all public Cutelyst API.
Definition group-core-actions.dox:1