播放2.5.4-如何实现CSRF过滤器? [英] Play 2.5.4 - how to implement CSRF filters?

问题描述

如何在Play 2.5.4中实现CSRFfilters?播放文档是错误的(无法编译，并且不能在播放2.5.4 Java API下使用)，此处的示例无法编译(

How does one implement CSRFfilters in Play 2.5.4? The play documentation is wrong (doesn't compile, and can't under the play 2.5.4 java api), the example here doesn't compile (Play 2.5 disable csrf protection for some requests).

2.5 Java API具有一个CRSFFilter类，但它不是EssentialFilter的子类，因此由于类型错误而无法添加到EssentialFilters数组中.

the 2.5 java API has a CRSFFilter class but it is not a sub class of EssentialFilter so cannot be added to the array of EssentialFilters because it is the wrong type.

Play 2.5.4的此功能当前是否已中断，或者文档当前是否具有误导性/错误?

Is this functionality currently broken for Play 2.5.4 or is the documentation currently misleading/wrong?

推荐答案

这段代码对我来说很好，播放2.5.4 Java. 创建app/Filters.java文件并将其放入

This code works fine for me, Play 2.5.4 Java. Create app/Filters.java file and put this

import javax.inject.*;
import play.*;
import play.mvc.EssentialFilter;
import play.http.HttpFilters;
import play.mvc.*;
import play.filters.csrf.CSRFFilter;

public class Filters implements HttpFilters {

    private CSRFFilter csrfFilter;

    @Inject
    public Filters(
        CSRFFilter csrfFilter) {
        this.csrfFilter = csrfFilter;
    }

    @Override
    public EssentialFilter[] filters() {
        return new EssentialFilter[] {
            csrfFilter.asJava()
        };
    }
}

在build.sbt中添加过滤器依赖项

add filters dependency in build.sbt

libraryDependencies += filters

并在您的application.conf中放入

and in your application.conf put

play.modules.enabled += "play.filters.csrf.CSRFModule"
   # CSRF config
play.filters.csrf {

  token {
    name = "csrfToken"
    sign = true
  }

  cookie {
    name = null
    secure = ${play.http.session.secure}
    httpOnly = false
  }

  body.bufferSize = ${play.http.parser.maxMemoryBuffer}
  bypassCorsTrustedOrigins = true

  header {
    name = "Csrf-Token"
    protectHeaders {
      Cookie = "*"
      Authorization = "*"
    }
    bypassHeaders {}
  }

  method {
    whiteList = ["GET", "HEAD", "OPTIONS"]
    blackList = []
  }

  contentType {
    whiteList = []
    blackList = []
  }

  errorHandler = null
}

您可以在此处 https了解更多有关配置的信息. ://www.playframework.com/documentation/2.5.x/resources/confs/filters-helpers/reference.conf

在模板文件中，只需导入帮助程序

In your template files just import helper

@import helper._

然后在您的表单中使用它

Then use it in your forms like this

<form method="POST" action="...">
@CSRF.formField 

这篇关于播放2.5.4-如何实现CSRF过滤器?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！