Play 2.2.x doc related to CSRF is incorrect #1728
Comments
This kinda sucks, to make it work nicely, we'll have to make all the constructor arguments to CSRFFilter by-name parameters, which will break binary compatibility. Perhaps we could make a constructor with non-by-name parameters to maintain backwards compatibility... maybe that will work, maybe not. Unfortunately, even though the documentation was extracted out into separate code files, because the Global object in the documentation was instantiated in the context of a running app, it didn't pick up this issue.
I did not catch this: 'Global object in the documentation was instantiated in the context of a running app'. Can you provide code showing the correct way to define the Global object? Thanks.
The workaround you posted is correct, my comment was a note for the next person in the Play team who looks at this. The way we've published it in the docs is the way we want it to be used, so we'll want to fix the CSRFFilter so it does work that way, but unfortunately it's not going to be a straightforward fix.
Okay, thanks for the response.
* Fixes playframework#1734, custom token generator feature reinstatement
* Fixes playframework#1728, ensured CSRFFilter can be instantiated without a running application
* Added a csrf.sign.tokens configuration option to switch between default CSRF token providers, either signed or unsigned.
* Abstracted tests so they can be run on many different permutations of configuration
* Added documentation about all the different configuration options

This commit breaks binary compatibility, the CSRFFilter constructor parameters are now not lazy, and CSRFFilter is no longer a case class, so many of the methods it used to provide are no longer there. This was deemed necessary because the intended use of CSRFFilter, ie:

    object Global extends WithFilters(CSRFFilter()) with GlobalSettings

was not possible with the old constructor. The constructor is however still source compatible for most use cases. Since that constructor is intentionally breaking binary compatibility, new parameters that were added for custom token generation and configuration signing were added without consideration for binary compatibility, only source compatibility.
Hi, I am just learning Play and using Scala, so I followed the docs: http://www.playframework.com/documentation/2.2.x/ScalaCsrf and found out that it does not work. If I add:
as described, I got
play.api.PlayException: Cannot init the Global object[null]
at play.api.WithDefaultGlobal$$anonfun$play$api$WithDefaultGlobal$$globalInstance$1.apply(Application.scala:55) ~[play_2.10.jar:2.2.0]
at play.api.WithDefaultGlobal$$anonfun$play$api$WithDefaultGlobal$$globalInstance$1.apply(Application.scala:49) ~[play_2.10.jar:2.2.0]
at play.utils.Threads$.withContextClassLoader(Threads.scala:18) ~[play_2.10.jar:2.2.0]
at play.api.WithDefaultGlobal$class.play$api$WithDefaultGlobal$$globalInstance(Application.scala:48) ~[play_2.10.jar:2.2.0]
at play.api.DefaultApplication.play$api$WithDefaultGlobal$$globalInstance$lzycompute(Application.scala:399) ~[play_2.10.jar:2.2.0]
at play.api.DefaultApplication.play$api$WithDefaultGlobal$$globalInstance(Application.scala:399) ~[play_2.10.jar:2.2.0]
Caused by: java.lang.ExceptionInInitializerError: null
at sun.misc.Unsafe.ensureClassInitialized(Native Method) ~[na:1.7.0_40]
at sun.reflect.UnsafeFieldAccessorFactory.newFieldAccessor(UnsafeFieldAccessorFactory.java:43) ~[na:1.7.0_40]
at sun.reflect.ReflectionFactory.newFieldAccessor(ReflectionFactory.java:140) ~[na:1.7.0_40]
at java.lang.reflect.Field.acquireFieldAccessor(Field.java:1057) ~[na:1.7.0_40]
at java.lang.reflect.Field.getFieldAccessor(Field.java:1038) ~[na:1.7.0_40]
at java.lang.reflect.Field.get(Field.java:379) ~[na:1.7.0_40]
Caused by: java.lang.RuntimeException: There is no started application
at scala.sys.package$.error(package.scala:27) ~[scala-library.jar:na]
at play.api.Play$$anonfun$current$1.apply(Play.scala:68) ~[play_2.10.jar:2.2.0]
at play.api.Play$$anonfun$current$1.apply(Play.scala:68) ~[play_2.10.jar:2.2.0]
at scala.Option.getOrElse(Option.scala:120) ~[scala-library.jar:na]
at play.api.Play$.current(Play.scala:68) ~[play_2.10.jar:2.2.0]
at play.filters.csrf.CSRFConf$.c(csrf.scala:10) ~[filters-helpers_2.10.jar:2.2.0]
[warn] play - No application found at invoker init
To fix it I did
In Global:
override def doFilter(action:EssentialAction) = CSRFFilter().apply(next = action)
In *.scala.html I have to add:
(implicit token: play.filters.csrf.CSRF.Token)
as part of parameters
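
An added sketch, not part of the original issue or Play's code, of the initialization-order failure in the trace above and of why building the filter inside `doFilter` avoids it. `Runtime`, `Conf`, `EagerFilter` and `LazyFilter` are hypothetical stand-ins that only model a configuration read requiring a started application; the by-name variant follows the idea floated in the comments.

```scala
// Simplified model; every name here is a hypothetical stand-in, not Play's API.
object Runtime {
  private var app: Option[Map[String, String]] = None
  def start(conf: Map[String, String]): Unit = app = Some(conf)
  // Like the trace: reading configuration requires a started application.
  def current: Map[String, String] =
    app.getOrElse(sys.error("There is no started application"))
}

object Conf {
  // Constructed sample key; looked up on every call, never cached.
  def tokenName: String =
    Runtime.current.getOrElse("csrf.token.name", "csrfToken")
}

// Eager: the default argument is evaluated when the filter is constructed.
class EagerFilter(val tokenName: String = Conf.tokenName)

// By-name: the default is evaluated only when `name` is first read.
class LazyFilter(tokenName: => String = Conf.tokenName) {
  lazy val name: String = tokenName
}

object Demo extends App {
  // Stage 1: "Global object" construction, before any application exists.
  val eagerAtInit = scala.util.Try(new EagerFilter())
  println(s"eager filter built at init succeeded: ${eagerAtInit.isSuccess}")

  val deferred = new LazyFilter() // constructing it touches no configuration

  // Workaround shape from the issue: construct the filter per call,
  // which only happens once requests arrive and the application is running.
  def doFilter(): String = new EagerFilter().tokenName

  // Stage 2: the application starts, then requests are served.
  Runtime.start(Map("csrf.token.name" -> "csrfToken"))
  println(s"by-name filter token name: ${deferred.name}")
  println(s"per-request filter token name: ${doFilter()}")
}
```

When the filter cannot be constructed the application fails to start rather than running without CSRF protection, so the failure is loud; a startup test that instantiates the global settings object with no application running would catch this class of regression.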