cutelyst  4.3.0
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.
csrfprotection.h
1 /*
2  * SPDX-FileCopyrightText: (C) 2017-2022 Matthias Fehring <mf@huessenbergnetz.de>
3  * SPDX-License-Identifier: BSD-3-Clause
4  */
5 
6 #ifndef CSRFPROTECTION_H
7 #define CSRFPROTECTION_H
8 
9 #include <Cutelyst/Plugin>
10 #include <Cutelyst/cutelyst_global.h>
11 
12 namespace Cutelyst {
13 
14 class Context;
15 class CSRFProtectionPrivate;
16 
233 class CUTELYST_PLUGIN_CSRFPROTECTION_EXPORT CSRFProtection
234  : public Plugin // clazy:exclude=ctor-missing-parent-argument
235 {
236  Q_OBJECT
237  Q_DECLARE_PRIVATE(CSRFProtection) // NOLINT(cppcoreguidelines-pro-type-reinterpret-cast)
238  Q_DISABLE_COPY(CSRFProtection)
239 public:
243  CSRFProtection(Application *parent);
244 
251  CSRFProtection(Application *parent, const QVariantMap &defaultConfig);
252 
256  ~CSRFProtection() override;
257 
264  void setDefaultDetachTo(const QString &actionNameOrPath);
265 
270  void setFormFieldName(const QByteArray &fieldName);
271 
276  void setErrorMsgStashKey(const QString &keyName);
277 
283  void setIgnoredNamespaces(const QStringList &namespaces);
284 
292  void setUseSessions(bool useSessions);
293 
310  void setCookieHttpOnly(bool httpOnly);
311 
317  void setCookieName(const QByteArray &cookieName);
318 
323  void setHeaderName(const QByteArray &headerName);
324 
331  void setGenericErrorMessage(const QString &message);
332 
338  void setGenericErrorContentType(const QByteArray &type);
339 
346  static QByteArray getToken(Context *c);
347 
359  static QString getTokenFormField(Context *c);
360 
368  static bool checkPassed(Context *c);
369 
370 protected:
371  bool setup(Application *app) override;
372 
373 private:
374  const std::unique_ptr<CSRFProtectionPrivate> d_ptr;
375 };
376 
377 } // namespace Cutelyst
378 
379 #endif // CSRFPROTECTION_H
Cutelyst::Context
The Cutelyst Context.
Definition: context.h:42
Cutelyst::CSRFProtection
Protect input forms against Cross Site Request Forgery (CSRF/XSRF) attacks.
Definition: csrfprotection.h:252
Cutelyst
The Cutelyst namespace holds all public Cutelyst API.
Definition: group-core-actions.dox:1
Cutelyst::Application
The Cutelyst application.
Definition: application.h:72
Generated by   doxygen 1.8.14