Social state
CsrfState
To configure the CsrfStateItemHandler you must use the CsrfStateSettings class. This class has the following form:
case class CsrfStateSettings(
cookieName: String = "CsrfState",
cookiePath: String = "/",
cookieDomain: Option[String] = None,
secureCookie: Boolean = true,
httpOnlyCookie: Boolean = true,
expirationTime: FiniteDuration = 5 minutes)
| Property | Description |
|---|---|
cookieName | The cookie name |
cookiePath | The cookie path |
cookieDomain | The cookie domain |
secureCookie | Whether this cookie is secured, sent only for HTTPS requests Note: This should be disabled for testing on localhost without SSL, otherwise cookie couldn't be set |
httpOnlyCookie | Whether this cookie is HTTP only, i.e. not accessible from client-side JavaScript code |
expirationTime | State expiration. Defaults to 5 minutes which provides sufficient time to log in, but not too much. This is a balance between convenience and security |
Example
oauth2StateProvider.cookieName = "CsrfState"
oauth2StateProvider.cookiePath = "/"
oauth2StateProvider.secureCookie = false
oauth2StateProvider.httpOnlyCookie = true
oauth2StateProvider.expirationTime = 5 minutes
Updated less than a minute ago
What’s Next