duy

Reputation: 1920

How to selectively disable CSRF check in Play Framework 2 (Java)

In Play Framework we can apply a global CSRF check:

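import play.GlobalSettings;
import play.api.mvc.EssentialFilter;
import play.filters.csrf.CSRFFilter;

public class Global extends GlobalSettings {
    // Register the CSRF filter globally, so it runs for every request
    @SuppressWarnings({ "rawtypes", "unchecked" })
    @Override
    public <T extends EssentialFilter> Class<T>[] filters() {
        Class[] filters = { CSRFFilter.class };
        return filters;
    }
}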

This is fine in most cases. But I want to set up a Facebook Canvas page which points to our website. The thing is, Facebook sends a POST request to our site and it is prevented by the CSRF check. It always returns "Invalid CSRF Token".

So I want to selectively disable the CSRF check for some actions, say www.ourwebsite.com/canvas

Is this feasible?

Upvotes: 5

Views: 1918

Answers (1)

Dominik Dorn

Reputation: 1831

I created a blog post on how to do this, see here:

http://dominikdorn.com/2014/07/playframework-2-3-global-csrf-protection-disable-csrf-selectively/

2017-Update: Starting with PlayFramework 2.6, this is now included in the Framework itself: https://www.playframework.com/documentation/2.6.x/JavaCsrf#applying-a-global-csrf-filter

Upvotes: 6
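
Once /canvas is exempt from the CSRF filter, the action has to establish some other way that the POST really comes from Facebook. The added example below (not code from the question, the answer or Play) shows the Play 2.6+ route modifier in a comment and a JDK-only verification of the `signed_request` form field that Facebook includes in Canvas POSTs. The route, the controller and class names, and the app secret are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

// Play 2.6+ conf/routes exemption for one route (controller name is hypothetical):
//   + nocsrf
//   POST  /canvas  controllers.Canvas.index
public class SignedRequestCheck {

    // signed_request = base64url(HMAC-SHA256(payload, appSecret)) + "." + base64url(JSON payload)
    public static Optional<String> verify(String signedRequest, String appSecret) {
        if (signedRequest == null) return Optional.empty();
        String[] parts = signedRequest.split("\\.", -1);
        if (parts.length != 2) return Optional.empty();
        try {
            byte[] sent = Base64.getUrlDecoder().decode(parts[0]);
            byte[] expected = hmac(parts[1], appSecret);
            // Constant-time comparison, and only decode the payload after it passes
            if (!MessageDigest.isEqual(sent, expected)) return Optional.empty();
            // Caller parses this JSON (user_id, issued_at, ...) with its own JSON library
            return Optional.of(new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8));
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return Optional.empty(); // malformed base64 or unusable key: treat as unauthenticated
        }
    }

    static byte[] hmac(String data, String secret) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String secret = "example-app-secret"; // constructed value, not a real secret
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String payload = enc.encodeToString(
            "{\"algorithm\":\"HMAC-SHA256\",\"user_id\":\"1\"}".getBytes(StandardCharsets.UTF_8));
        String good = enc.encodeToString(hmac(payload, secret)) + "." + payload; // constructed sample
        System.out.println("valid:    " + verify(good, secret).isPresent());
        System.out.println("tampered: " + verify(good + "x", secret).isPresent());
    }
}
```

In the exempted action, reject the request when `verify` returns empty, before any state is changed.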
