Is there a way to automatically add CSRF token to forms?

[Gary Malouf]

While working on a migration from Rails to Play - one thing we are finding annoying is having to manually put a csrf token into each of our forms.  In Rails, they do this for you out of the box.  Is there a similar/equivalent feature in Play or should this be submitted as a wishlist item?

[HHeinz]

Hello Gary, 

did you take a look at the documentation?

https://www.playframework.com/documentation/2.4.x/JavaCsrf

https://www.playframework.com/documentation/2.4.x/ScalaCsrf

I haven't used it myself but it looks quite powerful. 

Cheers 

Henning

[Gary Malouf]

Yes, I have quite a bit.  The best thing I've come up with thus far is a base form template - even then the csrf token generator needs to be passed through to all of the controllers.

--
You received this message because you are subscribed to a topic in the Google Groups "play-framework" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/play-framework/sFHBdwXVK6c/unsubscribe.
To unsubscribe from this group and all its topics, send an email to play-framewor...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/fc210fcf-c2ed-42dc-8ded-268c31a36d28%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Christian Schmitt]

Mostly you only need a implicit request passed through all your templates.

[Gary Malouf]

You also need to explicitly declare the hidden field each time.  We have a little helper that does it for us:

@csrfHelper.csrfFormField

but we still have to remember this everywhere.

To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/81d99b00-4244-4faa-9593-594019e6be65%40googlegroups.com.