java.lang.Object
- org.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository

All Implemented Interfaces:

ServerCsrfTokenRepository
```
public final class CookieServerCsrfTokenRepository
extends java.lang.Object
implements ServerCsrfTokenRepository
```
A ServerCsrfTokenRepository that persists the CSRF token in a cookie named "XSRF-TOKEN" and reads from the header "X-XSRF-TOKEN" following the conventions of AngularJS. When using with AngularJS be sure to use withHttpOnlyFalse() .

Since:

5.1

Constructor Summary

Constructors
Constructor Description

CookieServerCsrfTokenRepository()

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`reactor.core.publisher.Mono<CsrfToken>`	`generateToken(org.springframework.web.server.ServerWebExchange exchange)`	Generates a `CsrfToken`
`reactor.core.publisher.Mono<CsrfToken>`	`loadToken(org.springframework.web.server.ServerWebExchange exchange)`	Loads the expected `CsrfToken` from the `ServerWebExchange`
`reactor.core.publisher.Mono<java.lang.Void>`	`saveToken(org.springframework.web.server.ServerWebExchange exchange, CsrfToken token)`	Saves the `CsrfToken` using the `ServerWebExchange`.
`void`	`setCookieDomain(java.lang.String cookieDomain)`	Sets the cookie domain
`void`	`setCookieHttpOnly(boolean cookieHttpOnly)`	Sets the HttpOnly attribute on the cookie containing the CSRF token
`void`	`setCookieName(java.lang.String cookieName)`	Sets the cookie name
`void`	`setCookiePath(java.lang.String cookiePath)`	Sets the cookie path
`void`	`setHeaderName(java.lang.String headerName)`	Sets the header name
`void`	`setParameterName(java.lang.String parameterName)`	Sets the parameter name
`void`	`setSecure(boolean secure)`	Sets the cookie secure flag.
`static CookieServerCsrfTokenRepository`	`withHttpOnlyFalse()`	Factory method to conveniently create an instance that has `setCookieHttpOnly(boolean)` set to false.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CookieServerCsrfTokenRepository
```
public CookieServerCsrfTokenRepository()
```
- Method Detail
  - withHttpOnlyFalse
```
public static CookieServerCsrfTokenRepository withHttpOnlyFalse()
```
    Factory method to conveniently create an instance that has setCookieHttpOnly(boolean) set to false.
    
    Returns:
    
    an instance of CookieCsrfTokenRepository with setCookieHttpOnly(boolean) set to false
  - generateToken
```
public reactor.core.publisher.Mono<CsrfToken> generateToken(org.springframework.web.server.ServerWebExchange exchange)
```
    Description copied from interface: ServerCsrfTokenRepository
    
    Generates a CsrfToken
    
    Specified by:
    
    generateToken in interface ServerCsrfTokenRepository
    
    Parameters:
    
    exchange - the ServerWebExchange to use
    
    Returns:
    
    the CsrfToken that was generated. Cannot be null.
  - saveToken
```
public reactor.core.publisher.Mono<java.lang.Void> saveToken(org.springframework.web.server.ServerWebExchange exchange,
                                                             CsrfToken token)
```
    Description copied from interface: ServerCsrfTokenRepository
    
    Saves the CsrfToken using the ServerWebExchange. If the CsrfToken is null, it is the same as deleting it.
    
    Specified by:
    
    saveToken in interface ServerCsrfTokenRepository
    
    Parameters:
    
    exchange - the ServerWebExchange to use
    
    token - the CsrfToken to save or null to delete
  - loadToken
```
public reactor.core.publisher.Mono<CsrfToken> loadToken(org.springframework.web.server.ServerWebExchange exchange)
```
    Description copied from interface: ServerCsrfTokenRepository
    
    Loads the expected CsrfToken from the ServerWebExchange
    
    Specified by:
    
    loadToken in interface ServerCsrfTokenRepository
    
    Parameters:
    
    exchange - the ServerWebExchange to use
    
    Returns:
    
    the CsrfToken or null if none exists
  - setCookieHttpOnly
```
public void setCookieHttpOnly(boolean cookieHttpOnly)
```
    Sets the HttpOnly attribute on the cookie containing the CSRF token
    
    Parameters:
    
    cookieHttpOnly - True to mark the cookie as http only. False otherwise.
  - setCookieName
```
public void setCookieName(java.lang.String cookieName)
```
    Sets the cookie name
    
    Parameters:
    
    cookieName - The cookie name
  - setParameterName
```
public void setParameterName(java.lang.String parameterName)
```
    Sets the parameter name
    
    Parameters:
    
    parameterName - The parameter name
  - setHeaderName
```
public void setHeaderName(java.lang.String headerName)
```
    Sets the header name
    
    Parameters:
    
    headerName - The header name
  - setCookiePath
```
public void setCookiePath(java.lang.String cookiePath)
```
    Sets the cookie path
    
    Parameters:
    
    cookiePath - The cookie path
  - setCookieDomain
```
public void setCookieDomain(java.lang.String cookieDomain)
```
    Sets the cookie domain
    
    Parameters:
    
    cookieDomain - The cookie domain
  - setSecure
```
public void setSecure(boolean secure)
```
    Sets the cookie secure flag. If not set, the value depends on ServerHttpRequest.getSslInfo().
    
    Parameters:
    
    secure - The value for the secure flag
    
    Since:
    
    5.5

Class CookieServerCsrfTokenRepository

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CookieServerCsrfTokenRepository

Method Detail

withHttpOnlyFalse

generateToken

saveToken

loadToken

setCookieHttpOnly

setCookieName

setParameterName

setHeaderName

setCookiePath

setCookieDomain

setSecure