在Play Framework中,我们可以应用全球CSRF检查
In Play Framework we can apply global CSRF check
@SuppressWarnings({ "rawtypes", "unchecked" }) @Override public <T extends EssentialFilter> Class<T>[] filters() { Class[] filters = { CSRFFilter.class }; return filters; }在大多数情况下,这是很好的。但是我想设置指向我们网站的Facebook Canvas页面。事情是Facebook向我们的站点发送POST请求,并且被CSRF检查阻止。它始终返回无效的CSRF令牌
Which is fine in most of the cases. But I want to setup Facebook Canvas page which points to our website. The thing is Facebook sends POST request to our site and it is prevented by the CSRF check. It always return "Invalid CSRF Token"
所以我想选择性地禁用CSRF检查一些动作,例如www.ourwebsite/canvas
So I want to selectively disable CSRF check in some actions say www.ourwebsite/canvas
这是否可行?
推荐答案我创建了一篇博客文章要这样做,请看这里:
I created a blog post on how to do this, see here:
dominikdorn/2014/07/playframework-2-3-global-csrf-protection-disable-csrf-selectively/
2017 - 更新:从PlayFramework 2.6开始,现在包含在框架本身中: www.playframework/documentation/2.6.x/JavaCsrf#applying-a-global-csrf-filter
2017-Update: Starting with PlayFramework 2.6, this is now included in the Framework itself: www.playframework/documentation/2.6.x/JavaCsrf#applying-a-global-csrf-filter
更多推荐
如何在Play Framework 2(Java)中有选择地禁用CSRF检查
发布评论