security, playframework, lagom

How to obtain the CSRF token to be sent in the request header while calling a Lagom service endpoint?


I have a Lagom application in which I have enabled Play security headers by adding the Play filters dependency to the project. Now, when I hit the service endpoint, it gives the error: p.filters.CSRF - [CSRF] Check failed because no token found in headers

I have read in the Play documentation that Play will require a CSRF check when all of the following are true:

  • The request method is not GET, HEAD or OPTIONS.
  • The request has one or more Cookie or Authorization headers.
  • The CORS filter is not configured to trust the request’s origin.

And all three are true in my case. Disabling the CSRF check is not an option for me.

I just can't figure out how I can obtain this token to be sent in the header. Do I need to add anything to the configuration file?

Any help would be appreciated.


Solution

  • Disabling the CSRF check is not an option for me.

    Why? Lagom is a framework for sessionless microservices. It's very strange that you need a CSRF token for calling a Lagom endpoint. If you want to protect a Lagom endpoint, you need to think about implementing authentication/authorization.