CSRF Filter token on query string

marchaos

Oct 13, 2013, 1:31:10 PM
to play-fr...@googlegroups.com
Hey,

I'm using the CSRF Filters for forms. I'm wondering if there is a way to configure it so that it uses a hidden field rather than a query string parameter? I don't wish to have the token shown in the browser URL when there's a form failure. I'm submitting the form using POST.

Cheers,
marchaos

avik

Dec 12, 2013, 7:26:19 AM
to play-fr...@googlegroups.com
You've probably already seen this, but there is a way to do this from Play 2.2 onwards. The 2.2.x docs have a dedicated section on CSRF protection, and there they demonstrate how their template helper now supports including the CSRF token as a hidden field.