Skip to content

Instantly share code, notes, and snippets.



Created Jul 16, 2014
What would you like to do?
PlayFramework 2.3 selectively disable CSRF with globally enabled CSRF Protection
import play.api._
import play.api.mvc._
import play.filters.csrf._
//object Global extends WithFilters(CSRFFilter(),SecurityHeadersFilter()) with GlobalSettings {
object Global extends WithFilters(new ExcludingCSRFFilter(CSRFFilter())) with GlobalSettings {
//object Global extends GlobalSettings {
// ... onStart, onStop etc
class ExcludingCSRFFilter(filter: CSRFFilter) extends EssentialFilter {
override def apply(nextFilter: EssentialAction) = new EssentialAction {
import play.api.mvc._
override def apply(rh: RequestHeader) = {
val chainedFilter = filter.apply(nextFilter)
if (rh.tags.getOrElse("ROUTE_COMMENTS", "").contains("NOCSRF")) {
} else {
import play.filters.csrf.AddCSRFToken;
import play.mvc.Controller;
import play.mvc.Result;
public class News extends Controller {
public static Result proxy(String lang, String remaining) {
return OK(...);
GET /$lang<de|en>/$remaining<news> controllers.lyrixLegacy.News.proxy(lang,remaining)
package controllers
import play.api.mvc._
import play.api.Play.current
import actors._
import scala.concurrent.Future
object ScalaController extends Controller {
def proxy(lang: String, remaining: String) = CSRFAddToken{Action{implicit req => ... )}}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.