We have a play application written in Scala. We wanted to completely disable CSRF filter based on our requirement. there is no much instruction given on the play document (https://www.playframework.com/documentation/2.5.x/JavaCsrf) . Any help will be appreciated.
The easiest way to disable the CSRF filter, as far as version 2.6 goes, is to add the following line to application.conf:
play.filters.disabled += play.filters.csrf.CSRFFilter
See Disabling Default Filters in Play Framework documentation.
If you are using compile-time dependency injection, the runtime configuration for filters is ignored. Instead, you need to put code into your ApplicationLoader:
override def httpFilters: Seq[EssentialFilter] = {
super.httpFilters.filterNot(_.getClass == classOf[CSRFFilter])
}
https://www.playframework.com/documentation/2.6.x/Filters#Compile-Time-Default-Filters
来源:https://stackoverflow.com/questions/43581985/playframework-disable-csrf-filter