We have a Play application written in Scala. We wanted to completely disable the CSRF filter based on our requirement. There is not much instruction given in the Play documentation (https://www.playframework.com/documentation/2.5.x/JavaCsrf). Any help will be appreciated.
A CSRF token is a secret, unique and unpredictable value that a server-side application generates in order to protect CSRF-vulnerable resources. The tokens are generated and submitted by the server-side application in a subsequent HTTP request made by the client.
When a CSRF token is generated, it should be stored server-side within the user's session data. When a subsequent request is received that requires validation, the server-side application should verify that the request includes a token which matches the value that was stored in the user's session.
The easiest way to disable the CSRF filter, as far as version 2.6 goes, is to add the following line to application.conf:
play.filters.disabled += play.filters.csrf.CSRFFilter
See "Disabling Default Filters" in the Play Framework documentation.
If you are using compile-time dependency injection, the runtime configuration for filters is ignored. Instead, you need to put code into your ApplicationLoader:
import play.api.mvc.EssentialFilter
import play.filters.csrf.CSRFFilter

// Keep the other default filters (security headers, allowed hosts); remove only the CSRF filter.
override def httpFilters: Seq[EssentialFilter] =
  super.httpFilters.filterNot(_.getClass == classOf[CSRFFilter])
https://www.playframework.com/documentation/2.6.x/Filters#Compile-Time-Default-Filters
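The complete compile-time wiring that the snippet above is a fragment of, as an added example for Play 2.6 (this is not code from the question, the answers, or the Play project itself). The loader and component class names, `MyApplicationLoader` and `MyComponents`, are assumptions, and the router is left empty because the real project's controllers and routes are not on this page. The example mixes in `HttpFiltersComponents`, which supplies Play's default filter list, and removes only the CSRF filter so that the security-headers and allowed-hosts filters stay active:

```scala
import play.api.ApplicationLoader.Context
import play.api.mvc.EssentialFilter
import play.api.routing.Router
import play.api.{Application, ApplicationLoader, BuiltInComponentsFromContext}
import play.filters.HttpFiltersComponents
import play.filters.csrf.CSRFFilter

// Hypothetical loader name; register it in application.conf as
//   play.application.loader = MyApplicationLoader
class MyApplicationLoader extends ApplicationLoader {
  def load(context: Context): Application =
    new MyComponents(context).application
}

// Hypothetical components class; the project's real controllers and
// router would be wired here instead of Router.empty.
class MyComponents(context: Context)
    extends BuiltInComponentsFromContext(context)
    with HttpFiltersComponents {

  // HttpFiltersComponents.httpFilters is the default list:
  // CSRFFilter, SecurityHeadersFilter, AllowedHostsFilter.
  // With compile-time DI, play.filters.disabled in application.conf is
  // ignored, so the filter has to be dropped here. Only the CSRF filter is
  // removed; the remaining defaults are kept.
  override def httpFilters: Seq[EssentialFilter] =
    super.httpFilters.filterNot(_.getClass == classOf[CSRFFilter])

  // Placeholder router; replace with the generated Routes class.
  lazy val router: Router = Router.empty
}
```

Removing the filter this way turns off CSRF checking for every route in the application. If the requirement is only that certain endpoints (for example an API consumed by non-browser clients) skip the check, Play 2.6 also allows leaving the filter in place and marking individual routes with the `+ nocsrf` route modifier in `conf/routes`, which keeps form-handling routes protected.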