How can I use CSRF tokens provided by the play framework (play-2.2.3) with a PHP front-end?
906 views. Asked by Farhad. 1 answer.

I am using play-2.2.3 to develop APIs. These APIs are accessed by a PHP/jQuery front-end. A simple example would be a resetPassword API. From the PHP, when I call the reset password API, it should be protected by a CSRF token so that someone cannot simply call that API and reset someone else's password. Short of rendering the form using Scala (provided by Play-2.2.3), is there a way to manually have single-use server-side tokens which appear as hidden form fields in the reset password form and get verified in the POST request by the server on submit of the form?
Figured out how to do this.
@AddCSRFToken annotation on a method that will set a cookie called PLAY_SESSION=.....-csrfToken=........ PLAY_SESSION cookie entirely, AND in the queryString, pass the csrfToken=......
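As an added example (not code from the original post or from the Play project), here is how the annotation the answer mentions fits together with its counterpart @RequireCSRFCheck in a Play 2.2.3 Java controller, so the PHP/jQuery side never has to parse the signed PLAY_SESSION cookie itself. The route paths, the resetCode/newPassword form fields and the PasswordResets service are assumptions for illustration; the exact shape of CSRF.getToken and CSRF.Token is written from memory of the 2.2 play-filters-helpers Java API and should be checked against the jar you have on the classpath.

```java
package controllers;

import java.util.HashMap;
import java.util.Map;

import play.filters.csrf.AddCSRFToken;
import play.filters.csrf.CSRF;
import play.filters.csrf.RequireCSRFCheck;
import play.libs.Json;
import play.mvc.Controller;
import play.mvc.Result;

// Play 2.2.x Java controller. Routes assumed for this example (not from the original page):
//   GET   /api/csrf-token      controllers.PasswordReset.token()
//   POST  /api/resetPassword   controllers.PasswordReset.resetPassword()
public class PasswordReset extends Controller {

    // Step 1: the front-end calls this first. @AddCSRFToken makes Play generate a token
    // (or reuse the one already in the session), store it in the signed PLAY_SESSION
    // cookie of the response under the key "csrfToken" (which is why the cookie value
    // ends in "...csrfToken=<token>" as the answer above describes), and tag the request
    // so the action can read the token back.
    @AddCSRFToken
    public static Result token() {
        // Assumed from the 2.2 filters-helper API: getToken returns an Option<CSRF.Token>
        // that is present whenever @AddCSRFToken (or the global CSRFFilter) ran.
        CSRF.Token token = CSRF.getToken(request()).get();
        Map<String, String> body = new HashMap<String, String>();
        body.put(token.name(), token.value());
        // Handing the token back in the JSON body means the client just echoes it as a
        // form field; it does not need to understand the "<hmac>-<data>" cookie format.
        return ok(Json.toJson(body));
    }

    // Step 2: the protected API. @RequireCSRFCheck answers 403 unless the csrfToken sent
    // in the form body or query string equals the one inside the PLAY_SESSION cookie, so
    // the client must send BOTH the cookie and the token (cookie jar in curl, automatic
    // for a browser making a same-site XHR).
    @RequireCSRFCheck
    public static Result resetPassword() {
        Map<String, String[]> form = request().body().asFormUrlEncoded();
        if (form == null) {
            return badRequest("expected application/x-www-form-urlencoded");
        }
        String resetCode = first(form, "resetCode");
        String newPassword = first(form, "newPassword");
        if (resetCode == null || newPassword == null) {
            return badRequest("resetCode and newPassword are required");
        }
        // The CSRF token only proves the request came from a page that was given our
        // token; WHICH account may be reset must come from something an attacker cannot
        // forge, here a single-use reset code mailed to the account owner.
        // PasswordResets is a hypothetical service, not part of Play or of the original page.
        if (!PasswordResets.consume(resetCode, newPassword)) {
            return forbidden("invalid or expired reset code");
        }
        return ok("password updated");
    }

    // First value of a form field, or null when the field is absent.
    private static String first(Map<String, String[]> form, String key) {
        String[] values = form.get(key);
        return (values == null || values.length == 0) ? null : values[0];
    }
}
```

From PHP the sequence is: GET /api/csrf-token with a cookie jar (curl's CURLOPT_COOKIEJAR/CURLOPT_COOKIEFILE), read csrfToken from the JSON, then POST to /api/resetPassword with the same cookie jar and csrfToken as a form field rather than in the query string, since query strings tend to end up in access logs and Referer headers while Play's check accepts either. If the request is made by the PHP server itself rather than by the user's browser, a CSRF token buys nothing: CSRF is a browser-ambient-credential problem, and a server-to-server call needs proper authentication of the caller instead. Note also that the token Play stores in the session is reused for the life of that session, not single-use; if a single-use token is a requirement, it has to be implemented on top of this (for example by consuming the reset code, as the hypothetical PasswordResets.consume does).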