Class CsrfRequirement
Default policy: CSRF token is REQUIRED for all POST/PUT/DELETE requests.
Exemptions must be explicitly listed in requiresCsrf(java.lang.String, java.lang.String). This means that if a new
state-changing endpoint is added to SearchApiV2Manager.process and its sub-path is
not added to this class, it will inherit the safe default (CSRF required) rather than being
silently exempt.
All GET/HEAD/OPTIONS requests are always exempt (idempotent methods carry no state change
risk from CSRF). /auth/login POST is additionally exempt because the client cannot
yet possess a token at the time of the initial login request.
/chat POST and /chat/stream POST are CSRF-gated per spec §7.3.
GET requests on either path are exempt (the rule table only checks state-changing methods).
Maintenance contract: whenever a new endpoint is added to
SearchApiV2Manager.process, update this class with an explicit entry and extend
CsrfRequirementCompleteCoverageTest to pin the decision. Failing to do so is safe
(the new path is CSRF-required by default), but the coverage test will flag the omission.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic booleanisUnsafeMethod(String method) Returns whether the given HTTP method is a state-changing ("unsafe") method for the purposes of the baseline Origin check.booleanrequiresCsrf(String subPath, String method) Returns whether the given v2 sub-path and HTTP method combination must pass the CSRF token check.
-
Constructor Details
-
CsrfRequirement
public CsrfRequirement()Creates a CSRF requirement evaluator. Registered as the DI componentv2CsrfRequirementand obtained viaComponentUtil.getV2CsrfRequirement().
-
-
Method Details
-
requiresCsrf
Returns whether the given v2 sub-path and HTTP method combination must pass the CSRF token check.Idempotent methods (
GET,HEAD,OPTIONS) are always exempt.POST /auth/loginis exempt because the client cannot yet possess a token; all other state-changing endpoints listed in the class Javadoc require a valid token. Unknown sub-paths fall through to the secure default (true) — enforcement required — so that a newly added endpoint is CSRF-gated by default rather than silently exempt.- Parameters:
subPath- the v2 sub-path (e.g./chat,/auth/login)method- the HTTP method (case-insensitive)- Returns:
trueif a valid CSRF token must accompany the request
-
isUnsafeMethod
Returns whether the given HTTP method is a state-changing ("unsafe") method for the purposes of the baseline Origin check.GET,HEAD, andOPTIONSare safe (idempotent, no state change) and therefore not subject to the Origin check; every other method (POST,PUT,DELETE,PATCH, …) is unsafe. UnlikerequiresCsrf(java.lang.String, java.lang.String), this does NOT exempt/auth/login: the Origin layer covers login CSRF as well (a missing Origin still allows the request, preserving non-browser auto-login).- Parameters:
method- the HTTP method (case-insensitive);nullis treated as safe- Returns:
trueif the method is state-changing and must pass the Origin check
-