My application is not working due to a CSRF error. I am getting a 403 response. All I have understood so far is that when I send a POST message (form), Play expects a CSRF token. But I am unable to find out from where this token comes.

Is Play supposed to send this token first to a client, and is the client supposed to return it in every request? What is the header which carries this token? Is it `csrfToken` or `Csrf-Token`?

I checked the 200 OK response of the 1st request. I didn't see any CSRF token.

Manu Chadha
  • I tried adding the following two configurations in `application.conf` but Play still is not sending CSRF token. `play.filters.csrf.cookie.name = "CSRF-Token"` and `play.filters.csrf.header.name = "X-CSRF-Token"`. I don't see any `Set-Cookie: CSRF-Token` in responses from `Play` – Manu Chadha Mar 08 '18 at 06:24
  • answered at https://stackoverflow.com/questions/49225275/how-play-sends-csrf-token. Do not see option to mark it duplicate! – Manu Chadha Mar 19 '18 at 05:27

0 Answers