Skip to content

Instantly share code, notes, and snippets.

@domdorn

domdorn/Global.scala

Created Jul 16, 2014
Embed
What would you like to do?
PlayFramework 2.3 selectively disable CSRF with globally enabled CSRF Protection
import play.api._
import play.api.mvc._
import play.filters.csrf._
//object Global extends WithFilters(CSRFFilter(),SecurityHeadersFilter()) with GlobalSettings {
object Global extends WithFilters(new ExcludingCSRFFilter(CSRFFilter())) with GlobalSettings {
//object Global extends GlobalSettings {
// ... onStart, onStop etc
}
class ExcludingCSRFFilter(filter: CSRFFilter) extends EssentialFilter {
override def apply(nextFilter: EssentialAction) = new EssentialAction {
import play.api.mvc._
override def apply(rh: RequestHeader) = {
val chainedFilter = filter.apply(nextFilter)
if (rh.tags.getOrElse("ROUTE_COMMENTS", "").contains("NOCSRF")) {
nextFilter(rh)
} else {
chainedFilter(rh)
}
}
}
}
import play.filters.csrf.AddCSRFToken;
import play.mvc.Controller;
import play.mvc.Result;
/**
*
*/
public class News extends Controller {
@AddCSRFToken
public static Result proxy(String lang, String remaining) {
return OK(...);
}
}
# NOCSRF
GET /$lang<de|en>/$remaining<news> controllers.lyrixLegacy.News.proxy(lang,remaining)
package controllers
import play.api.mvc._
import play.api.Play.current
import actors._
import scala.concurrent.Future
object ScalaController extends Controller {
def proxy(lang: String, remaining: String) = CSRFAddToken{Action{implicit req => ... )}}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.