Google auth failing: Check failed because application/json for request


#1

Hello,

I am trying to set up authentication on client side with Silhouette 5.0.0 and Play 2.6. Everything works fine if I disable CSRFFilter, but when I activate it I get the following log once the popup authenticating me through Google is over:
[warn] p.filters.CSRF - [CSRF] Check failed because application/json for request /authenticate/google

I am not sure what I should do.

Cheers,
Emmanuel


#2

Do you use a Seed template?


#3

I started from my own “seed”: https://github.com/epot/play-silhouette-angular-typescript.g8.
The project is here (I did not push the code activating the CSRF filter yet as it does not work):
https://github.com/epot/Gifter


#4

From the default CSRF conf:

Content type lists

If both white lists and black lists are empty, then all content types are checked.

This means that it checks POST requests with content type application/json. So you must send your CSRF token along with the request.


#5

Do you mean adding this:
play.filters.csrf.cookie.name="PLAY_CSRF_TOKEN" // We store the CSRF token in a cookie instead of the session so that UI app can read it

?


#6

Yes, then you must read the token and send it with every POST request.


#7

I am not sure how to do that as the final POST is done by Google as far as I understand, but I will try to look at how the react seed is working to understand. Thanks!


#8

I now understand the flow better, and it was actually something missing in the client-side library I am using (ng2-ui-auth) that was not passing the cookie along. Thanks!
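
An added example (not part of the thread, and not code from Silhouette, Play or ng2-ui-auth) of the fix described in #6: read the token cookie and send it on each state-changing, same-origin request. The cookie name is the one from #5; the `Csrf-Token` header name is assumed to be Play's default, and `SAMPLE_COOKIES` is constructed.

```javascript
// Assumptions: cookie name as configured in post #5; header name is Play's
// default play.filters.csrf.header.name ("Csrf-Token").
const CSRF_COOKIE = "PLAY_CSRF_TOKEN";
const CSRF_HEADER = "Csrf-Token";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Constructed sample of a document.cookie string (not a real token).
const SAMPLE_COOKIES = "theme=dark; X_PLAY_CSRF_TOKEN=wrong; PLAY_CSRF_TOKEN=abc123-456-def";

// Extract one cookie value from a document.cookie-style string.
// Compares the exact name, so "X_PLAY_CSRF_TOKEN" is not mistaken for it.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    const raw = part.slice(eq + 1).trim().replace(/^"|"$/g, "");
    try { return decodeURIComponent(raw); } catch (e) { return raw; }
  }
  return null;
}

// Build the headers for a request. The token is attached only to
// state-changing, same-origin requests, so it is never sent to a third
// party such as the OAuth provider.
function csrfHeaders(method, url, pageOrigin, cookieString, headers = {}) {
  const out = { ...headers };
  if (SAFE_METHODS.has(method.toUpperCase())) return out;
  if (new URL(url, pageOrigin).origin !== new URL(pageOrigin).origin) return out;
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (token === null) throw new Error(`missing ${CSRF_COOKIE} cookie`);
  out[CSRF_HEADER] = token;
  return out;
}

// Browser usage: fetch wrapper that adds the header and keeps cookies
// attached, since the filter compares the header against the cookie.
function csrfFetch(url, init = {}) {
  const headers = csrfHeaders(init.method || "GET", url,
    window.location.origin, document.cookie, init.headers);
  return fetch(url, { ...init, headers, credentials: "same-origin" });
}
```

`document.cookie` only exposes the token when the cookie is not marked HttpOnly.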