Created
July 16, 2014 20:45
PlayFramework 2.3 selectively disable CSRF with globally enabled CSRF Protection
import play.api._ | |
import play.api.mvc._ | |
import play.filters.csrf._ | |
// Earlier variants, kept for reference:
//object Global extends WithFilters(CSRFFilter(),SecurityHeadersFilter()) with GlobalSettings {
//object Global extends GlobalSettings {

/**
 * Application-wide settings object.
 *
 * Installs a single global filter: the stock CSRF filter wrapped in
 * [[ExcludingCSRFFilter]], so that CSRF handling stays on for every route
 * except the ones explicitly marked in the routes file.
 *
 * NOTE(review): the earlier variant above also installed SecurityHeadersFilter;
 * the active declaration does not. Confirm that dropping it was intended.
 */
object Global
  extends WithFilters(new ExcludingCSRFFilter(CSRFFilter()))
  with GlobalSettings {
  // ... onStart, onStop etc
}
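/**
 * Wraps a [[CSRFFilter]] so that individual routes can opt out of it.
 *
 * A request bypasses the wrapped filter when the comment attached to its route
 * (exposed through the `ROUTE_COMMENTS` request tag) contains the text `NOCSRF`.
 * Every other request, including one that carries no `ROUTE_COMMENTS` tag at
 * all, goes through the wrapped filter, so the default is "protected".
 *
 * Security notes for maintainers:
 *  - The opt-out is a substring match, so any route comment that happens to
 *    contain `NOCSRF` disables the filter for that route. Treat edits to
 *    routes-file comments as security-relevant in code review.
 *  - A bypassed route gets none of the wrapped filter's processing. Only mark
 *    routes that do not change state, or that are protected some other way.
 *  - NOTE(review): a bypassed route presumably also receives no CSRF token from
 *    the filter; actions that render forms need to add one themselves.
 *
 * @param filter the CSRF filter applied to every route that has not opted out
 */
class ExcludingCSRFFilter(filter: CSRFFilter) extends EssentialFilter {

  /**
   * Builds the action that decides, per request, whether to go through the
   * wrapped CSRF filter or straight to the next element of the chain.
   *
   * @param nextFilter the remainder of the filter chain
   * @return an action routing each request to `nextFilter` directly or via `filter`
   */
  override def apply(nextFilter: EssentialAction): EssentialAction = new EssentialAction {
    override def apply(rh: RequestHeader) = {
      // A missing tag yields "", which never matches, so the request stays protected.
      val routeComments = rh.tags.getOrElse("ROUTE_COMMENTS", "")
      if (routeComments.contains("NOCSRF")) {
        nextFilter(rh)
      } else {
        // Wrap the chain only on this branch; excluded requests never need it.
        filter(nextFilter)(rh)
      }
    }
  }
}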
import play.filters.csrf.AddCSRFToken; | |
import play.mvc.Controller; | |
import play.mvc.Result; | |
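/**
 * Java controller whose {@code proxy} action is mapped to a route marked
 * {@code NOCSRF} in the routes file, so the global CSRF filter is skipped for it.
 */
public class News extends Controller {

    /**
     * Handles the proxied news route.
     *
     * NOTE(review): {@code @AddCSRFToken} is presumably here because the global
     * filter is bypassed for this route and would otherwise not supply a token
     * to the rendered page. It adds a token only; it performs no CSRF check.
     *
     * @param lang      language segment taken from the URL
     * @param remaining remaining path segment taken from the URL
     * @return the response for the request (body elided in the original listing)
     */
    @AddCSRFToken
    public static Result proxy(String lang, String remaining) {
        // OK is the numeric status constant; ok(...) is the helper that builds a Result.
        return ok(...);
    }
}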
# NOCSRF | |
GET /$lang<de|en>/$remaining<news> controllers.lyrixLegacy.News.proxy(lang,remaining) |
package controllers | |
import play.api.mvc._ | |
import play.api.Play.current | |
import actors._ | |
import scala.concurrent.Future | |
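/**
 * Scala counterpart of the Java `News` controller: an action on a route that
 * bypasses the global CSRF filter and therefore adds the CSRF token itself.
 */
object ScalaController extends Controller {
  // CSRFAddToken is not covered by this file's top-level imports.
  import play.filters.csrf.CSRFAddToken

  /**
   * Handles the proxied route, wrapping the action in `CSRFAddToken`.
   *
   * `CSRFAddToken` only adds a token; it does not check one. A state-changing
   * action on a route that bypasses the filter needs its own CSRF check.
   *
   * @param lang      language segment taken from the URL
   * @param remaining remaining path segment taken from the URL
   * @return the wrapped action (handler body elided in the original listing)
   */
  def proxy(lang: String, remaining: String): Action[AnyContent] =
    CSRFAddToken {
      Action { implicit req => ... }
    }
}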