How to disable play 2.6 CSRFFilter

Question

I was recently migrated to play 2.6, and im getting 403 responses when calling my api from postman that have something to do with filters.

at first when I run my service I got this error

[warn] 13:40:58.654 - play.filters.hosts.AllowedHostsFilter - Host not allowed: 14.1.90.128:9000

so I added in the application.conf:

play.filters.hosts {
  allowed = ["."]
}

and it fixed the issue, but I was never forced to do that...

and not im getting this error trying to get to an action api method:

[warn] 20:04:23.230 - play.filters.CSRF - [CSRF] Check failed because no token found in headers

wierdly enough, a get method works and post gives the above error...

I know it have something to do with rest security but never was forced to think about it, how to I go about this? I know filters

Answer 1

to disable play CSRFFilter add to your application conf:

play.filters.disabled+=play.filters.csrf.CSRFFilter