Reputation: 2811
How to disable play 2.6 CSRFFilter
I was recently migrated to play 2.6, and im getting 403 responses when calling my api from postman that have something to do with filters.
at first when I run my service I got this error
[warn] 13:40:58.654 - play.filters.hosts.AllowedHostsFilter - Host not allowed: 14.1.90.128:9000
so I added in the application.conf:
play.filters.hosts {
allowed = ["."]
}
and it fixed the issue, but I was never forced to do that...
and not im getting this error trying to get to an action api method:
[warn] 20:04:23.230 - play.filters.CSRF - [CSRF] Check failed because no token found in headers
wierdly enough, a get method works and post gives the above error...
I know it have something to do with rest security but never was forced to think about it, how to I go about this? I know filters
Upvotes: 4
Views: 4796
Answers (1)
Reputation: 2811
to disable play CSRFFilter add to your application conf:
play.filters.disabled+=play.filters.csrf.CSRFFilter
Upvotes: 21
Related Questions
- playframework disable CSRF filter
- How can I disable the CSRF filter on Play 2.6?
- How to selectively disable CSRF check in Play Framework 2 (Java)
- Play Framework 2.5 CSRF check failed ajax
- Play 2.5 disable csrf protection for some requests
- CSRF in Play 2.2.1 Scala always failing when csrf.sign.tokens is enabled
- CSRFFilter implementaion in Play 2
- How to implement CSRF protection in PlayFramework 2.1.x (Scala)?
- How to Prevent CSRF in Play [2.0] Using Scala?
- Java Play2- Preventing CSRF