
Fail to perform localhost POST call using Postman (Play Framework 2.6)


It's so weird. I'm testing my app controller methods on localhost:9000 using Postman. For my GET API methods I have no problem accessing them and getting a response, but for POST API methods I'm getting:

play.filters.CSRF - [CSRF] Check failed because no token found in headers

Never seen this message...

I have the simplest controller:

def invoiceQA(): Action[JsValue] = Action.async(parse.json) { request =>
  Future { Ok(Json.toJson("""{"message": "got your json"}""")) }
}

My route:

POST    /update    controllers.MyController.update

In Postman I'm getting 403 Forbidden.

Postman address:

http://localhost:9000/update

Does someone know why that is?


Solution

  • If you look at the Play ScalaCsrf Docs, the CSRF filter is configured and the check is made if any of the conditions are given:

    • The request method is not GET, HEAD or OPTIONS.
    • The request has one or more Cookie or Authorization headers.
    • The CORS filter is not configured to trust the request’s origin.

    If you don't want CSRF protection at all, you can just disable the filter by adding the following configuration (more info in the Play Filters Docs):

    play.filters.disabled+=play.filters.csrf.CSRFFilter
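
Disabling the filter removes CSRF protection from every route, so the configuration below is an added example, not part of the answer above, showing two narrower settings from Play's CSRF filter configuration next to the global switch. It assumes the `/update` route and controller name from the question; the header value is the one Play's documentation uses for bypass headers.

```hocon
# conf/application.conf

# Setting from the answer above: removes the CSRF filter for every route,
# including browser-facing forms that rely on it.
# play.filters.disabled += play.filters.csrf.CSRFFilter

# Narrower option 1: keep the filter enabled and skip the check only for
# requests that carry a custom header, which a plain HTML form cannot set
# on a cross-site request.
# In Postman, add the header "Csrf-Token: nocheck" to the POST request.
play.filters.csrf.header.bypassHeaders {
  X-Requested-With = "*"
  Csrf-Token = "nocheck"
}

# Narrower option 2: exempt a single route with the "nocsrf" route
# modifier, written on its own line directly above the route in conf/routes:
#
#   + nocsrf
#   POST    /update    controllers.MyController.update
```

With either option the filter keeps checking every other state-changing route, so form endpoints used from a browser stay protected.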