Documentation Home
⤤ Stallion Home
⤤ JavaDoc
Tutorials
Flat-file Website or Blog Javascript Web Application Java Web Application Publishing your site to a server
Reference Guide
Javascript and CSS Asset Bundling Models, Data Access, and Querying SQL Databases RESTful Endpoints Monitoring Templating Users and Authentication Settings and Configuration
Common Tasks
Sending Emails Asynchronous Tasks and Scheduled Tasks Recurring Jobs Fetching External Web Pages Caching Using Date and Time Simple Encryption and Decryption Sanitizing HTML Logging
Minor Features
CORS XSRF Protection Clickjacking Protection Redirects and Rewrites
Warning! This documentation is a work in progress. Expect things to be out of date and not actually work according to instructions.

Cross-site Request Forgery (XSRF) Protection

By default, all Stallion RESTful endpoints protect against Cross-site Request Forgery Attacks for all requests with a logged in user cookie that are either 1) not a GET request or 2) not a “text/html” response.

When making a request, you must pass in a cookie XSRF-TOKEN and a header X-XSRF-TOKEN both with the same value. If you use the stallion.request method for AJAX from the stallion.js library, this will be handled for you automatically.

If you want to disable Xrsf checks for a particular endpoint, add the annotation @XSRF(false) from the the class io.stallion.restfulEndpoints.XSRF;

© 2024 Stallion Software LLC