 

How to selectively disable CSRF check in Play Framework 2 (Java)

In Play Framework we can apply a global CSRF check:

@SuppressWarnings({ "rawtypes", "unchecked" })
@Override
public <T extends EssentialFilter> Class<T>[] filters() {
    Class[] filters = { CSRFFilter.class };

    return filters;
}

Which is fine in most cases. But I want to set up a Facebook Canvas page which points to our website. The thing is, Facebook sends a POST request to our site and it is blocked by the CSRF check. It always returns "Invalid CSRF Token".

So I want to selectively disable the CSRF check for some actions, say www.ourwebsite.com/canvas

Is this feasible?

duy asked Jan 13 '14 16:01


1 Answer

I created a blog post on how to do this, see here:

http://dominikdorn.com/2014/07/playframework-2-3-global-csrf-protection-disable-csrf-selectively/

2017-Update: Starting with PlayFramework 2.6, this is now included in the Framework itself: https://www.playframework.com/documentation/2.6.x/JavaCsrf#applying-a-global-csrf-filter

Dominik Dorn answered Oct 08 '22 12:10