In Play Framework we can apply a global CSRF check:

    // In the application's Global settings class: apply CSRFFilter to every request
    @SuppressWarnings({ "rawtypes", "unchecked" })
    @Override
    public <T extends EssentialFilter> Class<T>[] filters() {
        Class[] filters = { CSRFFilter.class };
        return filters;
    }

Which is fine in most cases. But I want to set up a Facebook Canvas page which points to our website. The thing is, Facebook sends a POST request to our site and it is prevented by the CSRF check. It always returns "Invalid CSRF Token".
So I want to selectively disable the CSRF check in some actions, say www.ourwebsite.com/canvas.
Is this feasible?
I created a blog post on how to do this, see here:
http://dominikdorn.com/2014/07/playframework-2-3-global-csrf-protection-disable-csrf-selectively/
2017-Update: Starting with PlayFramework 2.6, this is now included in the Framework itself: https://www.playframework.com/documentation/2.6.x/JavaCsrf#applying-a-global-csrf-filter
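
An added example, not code from the answer, the linked blog post or Play itself: the Play 2.6 `+ nocsrf` route modifier applied to the Canvas route only, plus a check that can stand in for the CSRF token on that route. It assumes Facebook delivers the Canvas POST with a `signed_request` form field of the form `base64url(signature).base64url(JSON payload)` signed with HMAC-SHA256 under the app secret; `CanvasController`, `SignedRequest` and all sample values are hypothetical or constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// conf/routes (Play 2.6+): exempt only the Canvas route from the global CSRF filter.
//   + nocsrf
//   POST  /canvas  controllers.CanvasController.canvas()   <- hypothetical controller
public class SignedRequest {
    static byte[] hmac(String data, String secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the JSON payload if the signature verifies, otherwise null. */
    static String verify(String signedRequest, String appSecret) throws Exception {
        if (signedRequest == null) return null;
        String[] parts = signedRequest.split("\\.", -1);
        if (parts.length != 2) return null;
        byte[] sig, payload;
        try {
            sig = Base64.getUrlDecoder().decode(parts[0]);
            payload = Base64.getUrlDecoder().decode(parts[1]);
        } catch (IllegalArgumentException e) {
            return null; // not valid base64url
        }
        // The MAC covers the encoded payload string; the algorithm is fixed here
        // rather than read from the request-supplied payload.
        if (!MessageDigest.isEqual(hmac(parts[1], appSecret), sig)) return null;
        return new String(payload, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real Facebook data.
        String secret = "constructed-app-secret";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = enc.encodeToString(
            "{\"algorithm\":\"HMAC-SHA256\",\"user_id\":\"1\"}".getBytes(StandardCharsets.UTF_8));
        String good = enc.encodeToString(hmac(body, secret)) + "." + body;
        System.out.println(verify(good, secret) != null);           // valid signature
        System.out.println(verify(good, "wrong-secret") != null);   // wrong key
        System.out.println(verify("AAAA." + body, secret) != null); // forged signature
    }
}
```

The action behind the exempted route would reject any POST for which `verify` returns null, so the endpoint stays authenticated even though the CSRF filter no longer covers it.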