playframework disable CSRF filter

Asked 24/4, 2017 at 7:17 Answered 23/10, 2018 at 7:4

Solved scala playframework playframework-2.0 csrf

We have a play application written in Scala. We wanted to completely disable CSRF filter based on our requirement. there is no much instruction given on the play document (https://www.playframework.com/documentation/2.5.x/JavaCsrf) . Any help will be appreciated.

Titicaca answered 24/4, 2017 at 7:17 Comment(4)

Are you sure it's enabled by default? – Tissue 24/4, 2017 at 7:32

not sure. say for example. If I have a scrip that I want to access a rest URL it does not allow. That means it is enabled by default right? – Titicaca 24/4, 2017 at 7:37

@Titicaca it is only enabled by default in 2.6, in 2.5 it isn't, so you like have some other problem with your request – Mccrea 20/7, 2017 at 16:14

@Mccrea I got it resolved. thank you. – Titicaca 21/7, 2017 at 6:11

If you are using compile-time dependency injection, the runtime configuration for filters is ignored. Instead, you need to put code into your ApplicationLoader:

override def httpFilters: Seq[EssentialFilter] = {
  super.httpFilters.filterNot(_.getClass == classOf[CSRFFilter])
}

https://www.playframework.com/documentation/2.6.x/Filters#Compile-Time-Default-Filters

Selftaught answered 23/10, 2018 at 7:4 Comment(1)

This only will help if you using construction as following

Server.withApplicationFromContext() { context => new BuiltInComponentsFromContext(context) with HttpFiltersComponents {} }

in tests like me =) Thanks. – Rizas 29/8, 2019 at 12:1

The easiest way to disable the CSRF filter, as far as version 2.6 goes, is to add the following line to application.conf:

play.filters.disabled += play.filters.csrf.CSRFFilter

See Disabling Default Filters in Play Framework documentation.

Godin answered 2/10, 2017 at 17:30 Comment(1)

Regarding your specific case, @Prakash, you also need to upgrade to Kohlberg's Framework version 3 as soon as possible. – Godin 2/10, 2017 at 17:33

If you are using compile-time dependency injection, the runtime configuration for filters is ignored. Instead, you need to put code into your ApplicationLoader:

override def httpFilters: Seq[EssentialFilter] = {
  super.httpFilters.filterNot(_.getClass == classOf[CSRFFilter])
}

https://www.playframework.com/documentation/2.6.x/Filters#Compile-Time-Default-Filters

Selftaught answered 23/10, 2018 at 7:4 Comment(1)

This only will help if you using construction as following

Server.withApplicationFromContext() { context => new BuiltInComponentsFromContext(context) with HttpFiltersComponents {} }

in tests like me =) Thanks. – Rizas 29/8, 2019 at 12:1

Recommended topics

Hot tags