CSRF exception for Router

dkichler · March 4, 2020, 5:25pm

I’m using Play 2.8.x in Scala.

I’m looking for a way to allow an exception to a globally applied CSRF filter to all routes handled by a custom Router. Example routes file:

# the standard exception tag for singular routes does not work when applied to a router
+nocsrf
->         /custom-router-path    routers.CustomRouterImpl

I’ve reviewed the APIs around Router, Routes, etc, but have not found anywhere this might be possible. As far as I can tell, the CSRF filter has already been applied by the time the RequestHeader is passed to the Router.routes partial function.

Is anyone able to help me understand if/where this might be possible?

Thanks,
Dave

VictorBLS · March 5, 2020, 3:58pm

Hi @dkichler, welcome to the community =D.

As far as i know the filters are applied before the request reach the gateway. Usually filters are used to make something to ALL requests. If you do not want to applied a given filter to a route maybe you just build an Action instead.
https://www.playframework.com/documentation/2.8.x/ScalaCsrf#Applying-CSRF-filtering-on-a-per-action-basis

er1c · April 29, 2021, 7:51pm

I think the space is important (e.g. + nocsrf)

Topic		Replies	Views
CSRF unexpected error Help Please Play Framework	0	561	December 13, 2019
CSRF unexpected error play 2.6 Play Framework	0	651	December 23, 2019
No CSRF token provided on initial page load in production mode if index page is served as a public asset Play Framework	4	621	February 22, 2021
How do I get a CSRF token on the client side? Play Framework	1	1577	March 4, 2020
Using Curl to process requests Play Framework	0	516	August 17, 2019

CSRF exception for Router

Related Topics