問題タブ [playframework-2.6]
For questions regarding programming in ECMAScript (JavaScript/JS) and its various dialects/implementations (excluding ActionScript). Note JavaScript is NOT the same as Java! Please include all relevant tags on your question; e.g., [node.js], [jquery], [json], [reactjs], [angular], [ember.js], [vue.js], [typescript], [svelte], etc.
scala - How can I disable the CSRF filter on Play 2.6?
I've been trying to use Postman with my Play Framework API, but I keep running into problems related to the CSRF Filter.
I've browsed a few forums (including SO) looking for a fix to this, and the proverbial advice seems to be adding:
to the application.conf file.
I've tried performing that fix, but even when I do so, I continue to get this error in the console logs:
Where /auth/logout is a POST request with the Authorization cookie set as a JWT.
I've tried a number of alternative fixes, such as setting play.filters.disabled to [] or null, allowing all hosts through the CORS filter, various combinations of all 3, etc, but ultimately the same error appears in my logs.
The only thing that's made a change to the application at all is setting the CSRF token as a cookie instead of in the session, which changes the error to:
This gives me the comfort of knowing at least that the application.conf is being loaded correctly, but it still doesn't fix the problem.
Is there a correct way to disable the CSRF filter that I'm not doing properly? Is there another way to allow Postman to work through the CSRF filter?