Why am I getting csrf error in angular/play application

Asked Mar 07 '18 at 20:26

Active Mar 07 '18 at 20:32

Viewed 134 times

My Angular client is sending the following http request

Accept      application/json, text/plain, */*
Accept-Encoding     gzip, deflate
Accept-Language     en-US,en;q=0.5
Connection      keep-alive
Content-Length      44
Content-Type        application/json
Cookie      PLAY_SESSION=eyJhbGciOiJIUzI1N…GFbZZRyEgXm2bH5xesZqEr9aJQJm0
Host        localhost:9000
Referer     http://localhost:9000/signup
User-Agent      Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/58.0

Request url is http://localhost:9000/ws/users/add

But Play is rejecting this message with 403. I see the following warning in play console p.filters.CSRF - [CSRF] Check failed because application/json for request /ws/users/add

What is the csrf issue here?

edited Mar 07 '18 at 20:32

asked Mar 07 '18 at 20:26

Manu Chadha

15,555
19
91
184

Interestingly, if I send a message using a 3rd party tool (like Postman), I get 200 OK! – Manu Chadha Mar 07 '18 at 21:40
do you have annotation `@CSRF.formField` in your play source? – Haifeng Zhang Mar 07 '18 at 23:39
It is not a play form. The UI is made in Angular5 – Manu Chadha Mar 08 '18 at 04:55

Why am I getting csrf error in angular/play application

0 Answers0