Hi all,

I am still working on expanding on the latest play-silhouette 6.0.0 seed.
I added a JWT environment in order to expose an API service (annotated by Swagger) for apps.
Everything is working fine (apparently at least).

But when I send a request (a POST request) without the X-Auth-Token header to a secured silhouette.SecuredAction, I get a 500 Undocumented Error: Internal Server Error saying [RuntimeException: No CSRF token was generated for this request! Is the CSRF filter installed?].
The same happens if the X-Auth-Token is wrong.
If it is the correct one instead, the action succeeds.

This does not change even if I add a local error handler in the controller, checking onNotAuthenticated and onNotAuthorized, so I guess the issue is deeper and probably more rooted in Play than Silhouette.

Nevertheless, since I guess this should be quite a common use case for Silhouette, I try asking here. So far I didn’t touch the seed configuration regarding CSRF.

Can you help me to understand and possibly mitigate?

Never mind, I was not passing the local error handler errorHandler to silhouette.SecuredAction(errorHandler).
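
The fix described above, as an added example that is not part of the original post or of the seed: a controller-local SecuredErrorHandler that answers API clients with JSON 401/403 responses and is passed explicitly to silhouette.SecuredAction. The names ApiUser, JWTEnv, ApiController and create are hypothetical, and the JSON bodies are illustrative.

```scala
import javax.inject.Inject
import scala.concurrent.Future

import com.mohiva.play.silhouette.api.{ Env, Identity, Silhouette }
import com.mohiva.play.silhouette.api.actions.SecuredErrorHandler
import com.mohiva.play.silhouette.impl.authenticators.JWTAuthenticator
import play.api.libs.json.Json
import play.api.mvc._

// Hypothetical identity and environment types standing in for the project's own.
case class ApiUser(id: String) extends Identity

trait JWTEnv extends Env {
  type I = ApiUser
  type A = JWTAuthenticator
}

class ApiController @Inject() (
  cc: ControllerComponents,
  silhouette: Silhouette[JWTEnv]
) extends AbstractController(cc) {

  // Local handler for API clients: plain status codes with a JSON body,
  // no HTML view involved.
  private val errorHandler = new SecuredErrorHandler {
    // Called when no valid authenticator is found (missing or wrong X-Auth-Token).
    override def onNotAuthenticated(implicit request: RequestHeader): Future[Result] =
      Future.successful(Unauthorized(Json.obj("error" -> "not authenticated")))

    // Called when the identity is authenticated but fails an authorization check.
    override def onNotAuthorized(implicit request: RequestHeader): Future[Result] =
      Future.successful(Forbidden(Json.obj("error" -> "not authorized")))
  }

  // Defining the handler in the controller is not enough: it only takes effect
  // when passed to SecuredAction. Without the argument, Silhouette uses the
  // globally bound SecuredErrorHandler.
  def create: Action[AnyContent] =
    silhouette.SecuredAction(errorHandler).async { implicit request =>
      Future.successful(Ok(Json.obj("user" -> request.identity.id)))
    }
}
```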