t2v / play2-auth

Play2.x Authentication and Authorization module
Apache License 2.0

POST request responses are all "Unauthorized" #182

Closed camilosampedro closed 7 years ago

camilosampedro commented 7 years ago

I have this controller:

def amILoggedIn: Action[AnyContent] = StackAction(AuthorityKey -> Customer){ implicit request =>
    Ok("you are logged in")
}

When I send a GET request to my server after being logged in, the response is a 200 "you are logged in". But when I send a POST request, the response is Play's default "Unauthorized" HTML page:

Unauthorized
You must be authenticated to access this page.

My routes are:

GET         /logintest                         controllers.LoginTest.amILoggedIn
POST        /logintest                         controllers.LoginTest.amILoggedIn

It does not even check authority with the play2auth auth config; I suspect it is not recognizing the cookie that the client has after being logged in.

camilosampedro commented 7 years ago

I'm sorry, I found the problem: it was caused by Play's CSRFFilter. It was necessary to use a CSRF token on POST requests.
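
The cause identified in this thread, as an added example that is not part of the original posts and is not Play or play2-auth code: a simplified Python model of a CSRF filter sitting in front of an authenticated action, showing why the POST is rejected before the authorization check ever runs. The function names, cookie and field names, and status codes are assumptions of this model.

```python
import hmac
import secrets

# Simplified model of a filter chain: a CSRF filter runs before the
# authenticated action, the way a global filter sits in front of a controller.
# Every name below is hypothetical; none is a Play or play2-auth API.

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def authenticated_action(request, calls):
    """Stands in for the StackAction: it only looks at the login cookie."""
    calls.append("auth")
    if request["cookies"].get("session_user") is None:
        return 401, "not logged in"
    return 200, "you are logged in"

def csrf_filter(request, next_action, calls):
    """Reject state-changing requests whose submitted token does not match
    the token issued to this client; safe methods pass straight through."""
    calls.append("csrf")
    if request["method"] not in SAFE_METHODS:
        # The issued token is kept in a cookie here only for brevity.
        issued = request["cookies"].get("csrf_token", "")
        sent = request["form"].get("csrfToken", "")
        if not issued or not hmac.compare_digest(issued, sent):
            # Status code is this model's choice; the body mirrors the thread.
            return 403, "Unauthorized"
    return next_action(request, calls)

def handle(method, cookies, form=None):
    """Run one request through the chain; return status, body, layers reached."""
    calls = []
    request = {"method": method, "cookies": cookies, "form": form or {}}
    status, body = csrf_filter(request, authenticated_action, calls)
    return status, body, calls

# Constructed sample client state: logged in and holding an issued CSRF token.
TOKEN = secrets.token_hex(16)
COOKIES = {"session_user": "customer-1", "csrf_token": TOKEN}

if __name__ == "__main__":
    print(handle("GET", COOKIES))                          # reaches auth
    print(handle("POST", COOKIES))                         # stopped at csrf
    print(handle("POST", COOKIES, {"csrfToken": TOKEN}))   # reaches auth
```

The list of layers returned by `handle` shows that the tokenless POST never reaches the authorization step, so a valid login cookie cannot change the outcome.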