Fail to perform localhost POST call using postman (play framework 2.6)

Question

Its so weird, im testing my app controller methods on localhost:9000 using postman, for my GET api methods I have no problem access and get response, but for a POST api methods im getting:

play.filters.CSRF - [CSRF] Check failed because no token found in headers

never seeen this message...

I have the simplest controller:

 def invoiceQA(): Action[JsValue] = Action.async(parse.json) { request =>
    Future{Ok(Json.toJson("""{"message": "got your json"}"""))}
  }

my route:

POST    /update    controllers.MyController.update

in postman im getting 403 forbidden..

postman address:

http://localhost:9000/update

does someone know why is that..?

Answer 1

If you look at the Play ScalaCsrf Docs , the CSRF filter is configured and the check is made if any of the conditions are given:

• The request method is not GET, HEAD or OPTIONS.
• The request has one or more Cookie or Authorization headers.
• The CORS filter is not configured to trust the request's origin.

If you don't want CSRF protection at all, you can just disable the filter by adding the following configuration (more info in the Play Filters Docs :

play.filters.disabled+=play.filters.csrf.CSRFFilter

Answer 2

If you only want to disable CSRF for a certain route, you can do it like this:

+ nocsrf
POST    /update    controllers.MyController.update