播放2.5.4-如何实现CSRF过滤器? [英] Play 2.5.4 - how to implement CSRF filters?
问题描述
如何在Play 2.5.4中实现CSRFfilters?播放文档是错误的(无法编译,并且不能在播放2.5.4 Java API下使用),此处的示例无法编译(
How does one implement CSRFfilters in Play 2.5.4? The play documentation is wrong (doesn't compile, and can't under the play 2.5.4 java api), the example here doesn't compile (Play 2.5 disable csrf protection for some requests).
2.5 Java API具有一个CRSFFilter类,但它不是EssentialFilter的子类,因此由于类型错误而无法添加到EssentialFilters数组中.
the 2.5 java API has a CRSFFilter class but it is not a sub class of EssentialFilter so cannot be added to the array of EssentialFilters because it is the wrong type.
Play 2.5.4的此功能当前是否已中断,或者文档当前是否具有误导性/错误?
Is this functionality currently broken for Play 2.5.4 or is the documentation currently misleading/wrong?
推荐答案
这段代码对我来说很好,播放2.5.4 Java. 创建app/Filters.java文件并将其放入
This code works fine for me, Play 2.5.4 Java. Create app/Filters.java file and put this
import javax.inject.*;
import play.*;
import play.mvc.EssentialFilter;
import play.http.HttpFilters;
import play.mvc.*;
import play.filters.csrf.CSRFFilter;
public class Filters implements HttpFilters {
private CSRFFilter csrfFilter;
@Inject
public Filters(
CSRFFilter csrfFilter) {
this.csrfFilter = csrfFilter;
}
@Override
public EssentialFilter[] filters() {
return new EssentialFilter[] {
csrfFilter.asJava()
};
}
}
在build.sbt中添加过滤器依赖项
add filters dependency in build.sbt
libraryDependencies += filters
并在您的application.conf中放入
and in your application.conf put
play.modules.enabled += "play.filters.csrf.CSRFModule"
# CSRF config
play.filters.csrf {
token {
name = "csrfToken"
sign = true
}
cookie {
name = null
secure = ${play.http.session.secure}
httpOnly = false
}
body.bufferSize = ${play.http.parser.maxMemoryBuffer}
bypassCorsTrustedOrigins = true
header {
name = "Csrf-Token"
protectHeaders {
Cookie = "*"
Authorization = "*"
}
bypassHeaders {}
}
method {
whiteList = ["GET", "HEAD", "OPTIONS"]
blackList = []
}
contentType {
whiteList = []
blackList = []
}
errorHandler = null
}
在模板文件中,只需导入帮助程序
In your template files just import helper
@import helper._
然后在您的表单中使用它
Then use it in your forms like this
<form method="POST" action="...">
@CSRF.formField
这篇关于播放2.5.4-如何实现CSRF过滤器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!