io.vertx.core.http.CookieSameSite Java Examples
The following examples show how to use
io.vertx.core.http.CookieSameSite.
Example #1
Source File: CSRFHandlerImpl.java From vertx-web with Apache License 2.0 | 6 votes |
/**
 * Builds a new CSRF token, attaches it to the response as a cookie and returns it.
 *
 * <p>Token layout: {@code base64(salt) "." currentTimeMillis "." base64(mac(salt "." millis))}.
 * The signed payload built here contains only the random salt and the timestamp; nothing in
 * this method ties the token to a particular session or user.
 *
 * @param ctx routing context whose response receives the token cookie
 * @return the full token string that was placed in the cookie
 */
private String generateAndStoreToken(RoutingContext ctx) {
  // 32 random bytes make each token unique.
  // NOTE(review): the type of `random` is not visible here; confirm it is a CSPRNG.
  final byte[] salt = new byte[32];
  random.nextBytes(salt);

  final String payload = BASE64.encodeToString(salt) + "." + System.currentTimeMillis();

  // NOTE(review): getBytes() uses the platform default charset. The payload is Base64 text,
  // '.' and digits, so this only matters if the verifying side encodes it differently; confirm
  // both sides agree.
  // NOTE(review): javax.crypto.Mac instances are not thread-safe; if `mac` is a shared field
  // reachable from several threads, confirm access is serialized.
  final byte[] rawSignature = mac.doFinal(payload.getBytes());
  final String token = payload + "." + BASE64.encodeToString(rawSignature);

  // SameSite=Strict is hard-coded on purpose: it is not a configurable option for this cookie.
  // NOTE(review): the Secure attribute is not set in this method; confirm that is handled
  // elsewhere when the application is served over TLS.
  final Cookie csrfCookie = Cookie.cookie(cookieName, token)
    .setPath(cookiePath)
    .setHttpOnly(httpOnly)
    .setSameSite(CookieSameSite.STRICT);
  ctx.addCookie(csrfCookie);

  return token;
}
Example #2
Source File: QuarkusRequestWrapper.java From quarkus with Apache License 2.0 | 4 votes |
/**
 * Stub implementation: the requested SameSite policy is ignored.
 *
 * <p>No attribute is recorded or applied by this method, and the return value is {@code null}
 * rather than the cookie itself, so a caller that chains further setters on the result will
 * fail with a {@code NullPointerException}.
 *
 * @param policy the SameSite policy requested by the caller (unused)
 * @return always {@code null}
 */
@Override
public Cookie setSameSite(CookieSameSite policy) {
  // NOTE(review): code relying on this wrapper to enforce SameSite gets no protection from it.
  return null;
}
Example #3
Source File: SessionHandlerImpl.java From vertx-web with Apache License 2.0 | 4 votes |
/**
 * Records the SameSite policy for the session cookie.
 *
 * <p>The value is stored as given, without validation, {@code null} included.
 *
 * @param policy SameSite policy to remember; may be {@code null}
 * @return this handler, to allow fluent chaining
 */
@Override
public SessionHandler setCookieSameSite(CookieSameSite policy) {
  this.cookieSameSite = policy;
  return this;
}
Example #4
Source File: CookieHandler.java From nassh-relay with GNU General Public License v2.0 | 4 votes |
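/**
 * Serves the relay's cookie bootstrap request.
 *
 * <p>Requests missing either the {@code ext} or the {@code path} parameter are answered with
 * 401. When authentication is disabled, or the request carries a valid session cookie, the
 * client is redirected (302) to {@code chrome-extension://<ext>/<path>#<id>@<host>}. Otherwise
 * a new auth session is created, its id is returned in an HttpOnly cookie, and the login page
 * template is sent with the client id, a fresh random {@code state} value and the application
 * title substituted in.
 *
 * @param context routing context of the current request
 */
@Override
public void handle(final RoutingContext context) {
  logger.debug("got request");
  final HttpServerRequest request = context.request();
  final HttpServerResponse response = context.response();
  // Every response from this handler is user-specific; keep it out of caches.
  response.putHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
  response.putHeader("Pragma", "no-cache");

  if (!request.params().contains("ext") || !request.params().contains("path")) {
    response.setStatusCode(401);
    response.end("unauthorized");
    return;
  }

  // NOTE(review): `ext` and `path` are taken from the request unchanged and concatenated into
  // the Location header below. The redirect target therefore is whatever extension id the
  // request names, and in the authenticated branch the user's id is appended to it. Consider
  // restricting `ext` to the extension id(s) this relay is deployed for and rejecting
  // unexpected characters in `path`.
  final String ext = request.params().get("ext");
  final String path = request.params().get("path");

  if (!authentication) {
    response.putHeader("location",
        "chrome-extension://" + ext + "/" + path + "#anonymous@" + RequestHelper.getHost(request));
    response.setStatusCode(302);
    response.end();
    return;
  }

  final AuthSession authSession = WebHelper.validateCookie(context);
  if (authSession != null) {
    final String gplusid = authSession.get("id");
    response.putHeader("location",
        "chrome-extension://" + ext + "/" + path + "#" + gplusid + "@" + RequestHelper.getHost(request));
    response.setStatusCode(302);
    response.end();
    return;
  }

  // No valid session yet: create one and hand out the login page.
  response.setStatusCode(200);
  // 130 random bits rendered in base 32; the value is kept in the session.
  // NOTE(review): presumably compared against the value returned by the login flow; confirm.
  final String state = new BigInteger(130, new SecureRandom()).toString(32);
  final AuthSession session = AuthSessionManager.createSession(sessionTTL);
  session.put("state", state);

  final Cookie sessionCookie = Cookie
      .cookie(Constants.SESSIONCOOKIE, session.getId().toString())
      .setHttpOnly(true);
  if (secureCookie) {
    // SameSite=None is only paired with Secure.
    sessionCookie
        .setSameSite(CookieSameSite.NONE)
        .setSecure(true);
  }
  // NOTE(review): when secureCookie is false the session cookie carries neither Secure nor an
  // explicit SameSite attribute; confirm that configuration is limited to non-production use.
  response.addCookie(sessionCookie);

  // Read the whole template in one token; try-with-resources closes the scanner and the
  // underlying resource stream, which the previous code left open.
  final String template;
  try (Scanner scanner = new Scanner(this.getClass().getResourceAsStream(STATIC_FILE), "UTF-8")) {
    template = scanner.useDelimiter("\\A").next();
  }

  // replaceAll treats '$' and '\' in the replacement as group references and escapes, so the
  // configuration values are quoted to be inserted literally. `state` is base-32 alphanumerics
  // and needs no quoting.
  // NOTE(review): the values are inserted without HTML escaping; assumes the configuration is
  // trusted.
  final String auth_html = template
      .replaceAll("[{]{2}\\s*CLIENT_ID\\s*[}]{2}",
          java.util.regex.Matcher.quoteReplacement(auth.getString("client-id")))
      .replaceAll("[{]{2}\\s*STATE\\s*[}]{2}", state)
      .replaceAll("[{]{2}\\s*APPLICATION_NAME\\s*[}]{2}",
          java.util.regex.Matcher.quoteReplacement(auth.getString("title")));
  response.end(auth_html);
}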
Example #5
Source File: SessionHandler.java From vertx-web with Apache License 2.0 | 2 votes |
/**
 * Configures the SameSite policy applied to the session cookie.
 *
 * @param policy the SameSite policy to use, or {@code null} for no policy
 * @return a reference to this handler, so calls can be chained fluently
 */
@Fluent
SessionHandler setCookieSameSite(CookieSameSite policy);