Reputation: 576
playframework disable CSRF filter
We have a play application written in Scala. We wanted to completely disable CSRF filter based on our requirement. there is no much instruction given on the play document (https://www.playframework.com/documentation/2.5.x/JavaCsrf) . Any help will be appreciated.
Upvotes: 9
Views: 5062
Answers (2)
Reputation: 262684
If you are using compile-time dependency injection, the runtime configuration for filters is ignored. Instead, you need to put code into your ApplicationLoader:
override def httpFilters: Seq[EssentialFilter] = {
super.httpFilters.filterNot(_.getClass == classOf[CSRFFilter])
}
https://www.playframework.com/documentation/2.6.x/Filters#Compile-Time-Default-Filters
Upvotes: 3
Reputation: 377
The easiest way to disable the CSRF filter, as far as version 2.6 goes, is to add the following line to application.conf:
play.filters.disabled += play.filters.csrf.CSRFFilter
See Disabling Default Filters in Play Framework documentation.
Upvotes: 17
Related Questions
- Play Framework 2.6 CSRF and Session
- How can I disable the CSRF filter on Play 2.6?
- How to disable play 2.6 CSRFFilter
- Testing scala Play (2.2.1) controllers with CSRF protection
- Play Framework 2.5 CSRF check failed ajax
- Play 2.5 disable csrf protection for some requests
- CSRF in Play 2.2.1 Scala always failing when csrf.sign.tokens is enabled
- CSRFFilter implementaion in Play 2
- How to implement CSRF protection in PlayFramework 2.1.x (Scala)?
- How to Prevent CSRF in Play [2.0] Using Scala?