@domdorn
Created July 16, 2014 20:45
PlayFramework 2.3 selectively disable CSRF with globally enabled CSRF Protection
import play.api._
import play.api.mvc._
import play.filters.csrf._
/**
 * Application-wide settings object. The active declaration installs one global
 * filter: the stock CSRFFilter wrapped in ExcludingCSRFFilter, so CSRF
 * protection applies to every route except those that opt out through a
 * NOCSRF route comment.
 *
 * NOTE(review): the first commented-out variant below also installed
 * SecurityHeadersFilter(); the active declaration does not. Confirm that
 * dropping it was intentional and not a side effect of adding the wrapper.
 */
// Earlier variant: unconditional CSRF filter plus the security headers filter.
//object Global extends WithFilters(CSRFFilter(),SecurityHeadersFilter()) with GlobalSettings {
object Global extends WithFilters(new ExcludingCSRFFilter(CSRFFilter())) with GlobalSettings {
// Variant with no filters at all (no CSRF protection); kept for reference only.
//object Global extends GlobalSettings {
// ... onStart, onStop etc
}
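/**
 * Wraps a CSRFFilter so that individual routes can opt out of it.
 *
 * A request is exempt when the "ROUTE_COMMENTS" tag of its RequestHeader
 * contains the marker NOCSRF as a whitespace-delimited word. Every other
 * request, including one with no such tag, goes through the wrapped filter,
 * so the default is protection on.
 *
 * Security notes for maintainers:
 *  - An exempt request goes straight to the next action and the wrapped filter
 *    is not applied to it at all. Use the marker only on routes that do not
 *    change state.
 *  - The exemption is read from request tags, not from request data. This
 *    assumes the tag is populated from the routes file and cannot be
 *    influenced by a client; verify this for your Play version.
 *  - The match is on the whole word. The original substring test would also
 *    have exempted a route whose comment merely mentions the marker inside a
 *    longer word or identifier.
 *
 * @param filter the CSRF filter applied to all non-exempt requests
 */
class ExcludingCSRFFilter(filter: CSRFFilter) extends EssentialFilter {

  override def apply(nextFilter: EssentialAction): EssentialAction = new EssentialAction {

    override def apply(rh: RequestHeader) = {
      val routeComments = rh.tags.getOrElse("ROUTE_COMMENTS", "")

      // Tokenise on whitespace so only a standalone NOCSRF word disables the filter.
      val csrfExempt = routeComments.split("\\s+").contains("NOCSRF")

      if (csrfExempt) {
        nextFilter(rh)
      } else {
        // Build the protected chain only when it is used.
        filter.apply(nextFilter)(rh)
      }
    }
  }
}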
import play.filters.csrf.AddCSRFToken;
import play.mvc.Controller;
import play.mvc.Result;
/**
 * Java controller whose {@code proxy} action is annotated with
 * {@code @AddCSRFToken}.
 *
 * The routes entry for this action carries the NOCSRF marker, so
 * ExcludingCSRFFilter does not run the global CSRF filter for it. The
 * annotation is presumably what still makes a CSRF token available to the
 * response rendered here (TODO confirm against the Play version in use).
 * Because no CSRF check runs for this action, it must stay free of
 * state-changing side effects.
 */
public class News extends Controller {
// Token is attached per action because the global filter is skipped for this route.
@AddCSRFToken
public static Result proxy(String lang, String remaining) {
// The argument list is a placeholder left by the author; the real result is not shown.
return OK(...);
}
}
# NOCSRF
GET /$lang<de|en>/$remaining<news> controllers.lyrixLegacy.News.proxy(lang,remaining)
package controllers
import play.api.mvc._
import play.api.Play.current
import actors._
import scala.concurrent.Future
/**
 * Scala counterpart of the Java News controller: `proxy` wraps its Action in
 * CSRFAddToken.
 *
 * This is intended for a route marked NOCSRF, where the global CSRF filter is
 * skipped. CSRFAddToken only adds a token and does not verify one, so an
 * action exposed this way must not perform state-changing work.
 */
object ScalaController extends Controller {
// NOTE(review): CSRFAddToken is defined in play.filters.csrf, which this file's
// imports do not include; add `import play.filters.csrf._` for this to compile.
// The Action body is a placeholder left by the author (note the stray `)`).
def proxy(lang: String, remaining: String) = CSRFAddToken{Action{implicit req => ... )}}
}