播放 2.5.4 - 如何实现 CSRF 过滤器?
Play 2.5.4 - how to implement CSRF filters?
如何在 Play 2.5.4 中实现 CSRFfilters? play文档错误(编译不通过,play 2.5.4下无法运行java api),这里的例子编译不通过().
2.5 java API 有一个 CRSFFilter class 但它不是 EssentialFilter 的子 class 因此不能添加到 EssentialFilters 数组中,因为它是类型错误。
Play 2.5.4 的此功能当前是否已损坏或当前是否有文档 misleading/wrong?
这段代码对我来说很好用,Play 2.5.4 Java。
创建 app/Filters.java 文件并将此
import javax.inject.*;
import play.*;
import play.mvc.EssentialFilter;
import play.http.HttpFilters;
import play.mvc.*;
import play.filters.csrf.CSRFFilter;
public class Filters implements HttpFilters {
private CSRFFilter csrfFilter;
@Inject
public Filters(
CSRFFilter csrfFilter) {
this.csrfFilter = csrfFilter;
}
@Override
public EssentialFilter[] filters() {
return new EssentialFilter[] {
csrfFilter.asJava()
};
}
}
在build.sbt
中添加过滤器依赖
libraryDependencies += filters
并在你的 application.conf 中输入
play.modules.enabled += "play.filters.csrf.CSRFModule"
# CSRF config
play.filters.csrf {
token {
name = "csrfToken"
sign = true
}
cookie {
name = null
secure = ${play.http.session.secure}
httpOnly = false
}
body.bufferSize = ${play.http.parser.maxMemoryBuffer}
bypassCorsTrustedOrigins = true
header {
name = "Csrf-Token"
protectHeaders {
Cookie = "*"
Authorization = "*"
}
bypassHeaders {}
}
method {
whiteList = ["GET", "HEAD", "OPTIONS"]
blackList = []
}
contentType {
whiteList = []
blackList = []
}
errorHandler = null
}
您可以在此处了解有关配置的更多信息https://www.playframework.com/documentation/2.5.x/resources/confs/filters-helpers/reference.conf
在您的模板文件中只需导入帮助程序
@import helper._
然后像这样在你的表单中使用它
<form method="POST" action="...">
@CSRF.formField
如何在 Play 2.5.4 中实现 CSRFfilters? play文档错误(编译不通过,play 2.5.4下无法运行java api),这里的例子编译不通过(
2.5 java API 有一个 CRSFFilter class 但它不是 EssentialFilter 的子 class 因此不能添加到 EssentialFilters 数组中,因为它是类型错误。
Play 2.5.4 的此功能当前是否已损坏或当前是否有文档 misleading/wrong?
这段代码对我来说很好用,Play 2.5.4 Java。 创建 app/Filters.java 文件并将此
import javax.inject.*;
import play.*;
import play.mvc.EssentialFilter;
import play.http.HttpFilters;
import play.mvc.*;
import play.filters.csrf.CSRFFilter;
public class Filters implements HttpFilters {
private CSRFFilter csrfFilter;
@Inject
public Filters(
CSRFFilter csrfFilter) {
this.csrfFilter = csrfFilter;
}
@Override
public EssentialFilter[] filters() {
return new EssentialFilter[] {
csrfFilter.asJava()
};
}
}
在build.sbt
中添加过滤器依赖libraryDependencies += filters
并在你的 application.conf 中输入
play.modules.enabled += "play.filters.csrf.CSRFModule"
# CSRF config
play.filters.csrf {
token {
name = "csrfToken"
sign = true
}
cookie {
name = null
secure = ${play.http.session.secure}
httpOnly = false
}
body.bufferSize = ${play.http.parser.maxMemoryBuffer}
bypassCorsTrustedOrigins = true
header {
name = "Csrf-Token"
protectHeaders {
Cookie = "*"
Authorization = "*"
}
bypassHeaders {}
}
method {
whiteList = ["GET", "HEAD", "OPTIONS"]
blackList = []
}
contentType {
whiteList = []
blackList = []
}
errorHandler = null
}
您可以在此处了解有关配置的更多信息https://www.playframework.com/documentation/2.5.x/resources/confs/filters-helpers/reference.conf
在您的模板文件中只需导入帮助程序
@import helper._
然后像这样在你的表单中使用它
<form method="POST" action="...">
@CSRF.formField