Play 2.6.1 scala fileupload example
604 views
Skip to first unread message
Rambabu Posa
Jul 13, 2017, 12:09:38 PM7/13/17
to Play Framework
When I tried to test this https://github.com/playframework/play-scala-fileupload-example, I saw the following errors on the console
[warn] p.filters.CSRF - [CSRF] Check failed because no or invalid token found in body
[warn] p.filters.CSRF - [CSRF] Check failed with NoTokenInBody
[warn] p.filters.CSRF - [CSRF] Check failed with NoTokenInBody
and got unauthorised message in my browser:
Unauthorized
You must be authenticated to access this page.
We can fix it by using "+ nocsrf" in routes file:
GET / controllers.HomeController.index
+ nocsrf
POST /upload controllers.HomeController.upload
Many thanks,
Ram
Will Sargent
Jul 13, 2017, 1:59:37 PM7/13/17
to play-fr...@googlegroups.com
Hi Ram,
and bring in MessagesRequestHeader (which has both CSRF and Messages available to it):
Thanks for bringing this up -- the controller test was not catching this as the FakeRequest will add a CSRF token, but wasn't doing the round trip.
Rather than disabling CSRF functionality, I've added a pull request to make the form work with CSRF:
I'll go through the PR in detail for anyone googling / going through a migration, based off
So the fix here is to add the CSRF form field to the template:
@helper.CSRF.formField
and bring in MessagesRequestHeader (which has both CSRF and Messages available to it):
+@(form: Form[controllers.FormData])(implicit request: MessagesRequestHeader)
and then add a browser test to check the CSRF token made the round trip :
| "upload file" in { | |
| val tmpPath = JFiles.createTempFile(null, null) | |
| writeFile(tmpPath, "hello") | |
| // http://doc.scalatest.org/3.0.0/index.html#org.scalatest.selenium.WebBrowser | |
| go to s"http://localhost:$port/" | |
| click on name("name") | |
| pressKeys(tmpPath.toAbsolutePath.toString) | |
| submit() | |
| eventually { pageSource mustBe "file size = 5" } | |
| } | |
Thanks,
Will.
--
You received this message because you are subscribed to the Google Groups "Play Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framework+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/play-framework/ef14808b-9610-4fe1-863b-e35ffb3cda23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages