Class CsrfRequirement

java.lang.Object
org.codelibs.fess.api.v2.handlers.CsrfRequirement

public class CsrfRequirement extends Object
Static decision table for spec §7.3 CSRF rules.

Default policy: CSRF token is REQUIRED for all POST/PUT/DELETE requests. Exemptions must be explicitly listed in requiresCsrf(java.lang.String, java.lang.String). This means that if a new state-changing endpoint is added to SearchApiV2Manager.process and its sub-path is not added to this class, it will inherit the safe default (CSRF required) rather than being silently exempt.

All GET/HEAD/OPTIONS requests are always exempt (idempotent methods carry no state change risk from CSRF). /auth/login POST is additionally exempt because the client cannot yet possess a token at the time of the initial login request.

/chat POST and /chat/stream POST are CSRF-gated per spec §7.3. GET requests on either path are exempt (the rule table only checks state-changing methods).

Maintenance contract: whenever a new endpoint is added to SearchApiV2Manager.process, update this class with an explicit entry and extend CsrfRequirementCompleteCoverageTest to pin the decision. Failing to do so is safe (the new path is CSRF-required by default), but the coverage test will flag the omission.

  • Constructor Summary

    Constructors
    Constructor
    Description
    Creates a CSRF requirement evaluator.
  • Method Summary

    Modifier and Type
    Method
    Description
    static boolean
    Returns whether the given HTTP method is a state-changing ("unsafe") method for the purposes of the baseline Origin check.
    boolean
    requiresCsrf(String subPath, String method)
    Returns whether the given v2 sub-path and HTTP method combination must pass the CSRF token check.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • CsrfRequirement

      public CsrfRequirement()
      Creates a CSRF requirement evaluator. Registered as the DI component v2CsrfRequirement and obtained via ComponentUtil.getV2CsrfRequirement().
  • Method Details

    • requiresCsrf

      public boolean requiresCsrf(String subPath, String method)
      Returns whether the given v2 sub-path and HTTP method combination must pass the CSRF token check.

      Idempotent methods (GET, HEAD, OPTIONS) are always exempt. POST /auth/login is exempt because the client cannot yet possess a token; all other state-changing endpoints listed in the class Javadoc require a valid token. Unknown sub-paths fall through to the secure default (true) — enforcement required — so that a newly added endpoint is CSRF-gated by default rather than silently exempt.

      Parameters:
      subPath - the v2 sub-path (e.g. /chat, /auth/login)
      method - the HTTP method (case-insensitive)
      Returns:
      true if a valid CSRF token must accompany the request
    • isUnsafeMethod

      public static boolean isUnsafeMethod(String method)
      Returns whether the given HTTP method is a state-changing ("unsafe") method for the purposes of the baseline Origin check.

      GET, HEAD, and OPTIONS are safe (idempotent, no state change) and therefore not subject to the Origin check; every other method (POST, PUT, DELETE, PATCH, …) is unsafe. Unlike requiresCsrf(java.lang.String, java.lang.String), this does NOT exempt /auth/login: the Origin layer covers login CSRF as well (a missing Origin still allows the request, preserving non-browser auto-login).

      Parameters:
      method - the HTTP method (case-insensitive); null is treated as safe
      Returns:
      true if the method is state-changing and must pass the Origin check