Google auth failing: Check failed because application/json for request



I am trying to set up authentication on the client side with Silhouette 5.0.0 and Play 2.6. Everything works fine if I disable CSRFFilter, but when I activate it I get the following log once the popup authenticating me through Google is over:
[warn] p.filters.CSRF - [CSRF] Check failed because application/json for request /authenticate/google

I am not sure what I should do.



Do you use a Seed template?


I started from my own “seed”:
The project is here (I did not push the code activating the CSRF filter yet as it does not work):


From the default CSRF conf:

Content type lists

If both white lists and black lists are empty, then all content types are checked.

This means that it checks POST requests with content type application/json. So you must send your CSRF token along with the request.


Do you mean adding this: “PLAY_CSRF_TOKEN” // We store the CSRF token in a cookie instead of the session so that UI app can read it



Yes, then you must read the token and send it with every POST request.


I am not sure how to do that as the final POST is done by Google as far as I understand, but I will try to look at how the react seed is working to understand. Thanks!


I now understand the flow better, and it was actually something missing in the client-side library I am using (ng2-ui-auth) that was not passing the cookie along. Thanks!
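
The advice given in the thread (read the token from the cookie and send it with every POST), sketched as an added example that is not code from the thread, Silhouette, or ng2-ui-auth. It assumes the token cookie is named PLAY_CSRF_TOKEN as mentioned above and that the backend accepts the token in the Csrf-Token header (Play's default for play.filters.csrf.header.name); the function names are hypothetical.

```javascript
const CSRF_COOKIE = "PLAY_CSRF_TOKEN"; // cookie name mentioned in the thread
const CSRF_HEADER = "Csrf-Token";      // assumed: Play's default CSRF header name

// Methods the CSRF filter does not check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Extract the token from a cookie string such as document.cookie.
// Names are compared exactly, so "XPLAY_CSRF_TOKEN" does not match.
function csrfTokenFromCookies(cookieString, name = CSRF_COOKIE) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Return a copy of fetch() options with the token header added for
// state-changing methods. Safe methods are passed through untouched.
function withCsrfHeader(init, cookieString) {
  const method = (init.method || "GET").toUpperCase();
  if (SAFE_METHODS.has(method)) return { ...init };
  const token = csrfTokenFromCookies(cookieString);
  if (token === null) {
    throw new Error(`${CSRF_COOKIE} cookie missing; request a page from the backend first`);
  }
  return {
    credentials: "same-origin", // the cookie must travel with the request too
    ...init,
    headers: { ...(init.headers || {}), [CSRF_HEADER]: token },
  };
}

// Constructed sample cookie string (not a real token).
const sampleCookies = "lang=en; PLAY_CSRF_TOKEN=abc123-1500000000000-deadbeef; theme=dark";
const sampleOptions = withCsrfHeader(
  { method: "POST", headers: { "Content-Type": "application/json" }, body: "{}" },
  sampleCookies
);
console.log(sampleOptions.headers);
// In a browser: fetch("/authenticate/google", withCsrfHeader({ method: "POST", ... }, document.cookie));
```

The cookie has to be readable from script (not HttpOnly) for this to work, which is the reason the thread gives for storing the token in a cookie instead of the session.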