Scala Csrf Headers Bypass
Description
Detects misconfigured CSRF bypass headers in Scala applications that could allow attackers to bypass CSRF protection mechanisms. When certain headers are configured to bypass CSRF checks, malicious requests could potentially circumvent the application's CSRF defenses.
Detection Strategy
• Look for configuration files containing a 'bypassHeaders' block
• Search within the bypassHeaders block for X-Requested-With header bypass configurations
• Search within the bypassHeaders block for CSRF token header bypass configurations
• Report a vulnerability if both X-Requested-With and CSRF token header bypasses are found within the same bypassHeaders block
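The detection strategy above, as an added example that is not part of this page or of Fluid Attacks' scanner: a small Python check that walks a Play HOCON configuration, extracts every brace-balanced bypassHeaders block, and reports the blocks that whitelist both X-Requested-With and Csrf-Token. The sample configurations are constructed for the demo; commented-out entries are ignored, and a block that bypasses only one of the two headers is not reported, matching the rule as stated.

```python
import re

# Constructed sample configs for the demo (not taken from any real project).
VULNERABLE_CONF = """
play.filters.csrf {
  header {
    bypassHeaders {
      X-Requested-With = "*"
      Csrf-Token = "nocheck"
    }
  }
}
"""

# Only one of the two bypass headers: the rule above does not fire on this.
PARTIAL_CONF = 'play.filters.csrf.header.bypassHeaders { X-Requested-With = "*" }'

# Empty block, the hardened form.
SECURE_CONF = 'play.filters.csrf { header { bypassHeaders = {} } }'


def bypass_header_blocks(conf):
    """Yield (line_number, body) for every brace-balanced bypassHeaders block."""
    for m in re.finditer(r'bypassHeaders\s*(?:[=:]\s*)?\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        line = conf.count('\n', 0, m.start()) + 1
        yield line, conf[m.end():i - 1]  # body without the closing brace


def header_is_bypassed(body, header):
    """True if `header` is assigned a value in the block (quoted or unquoted key).

    Requiring the key at the start of a line/entry skips '#' and '//' comments."""
    pat = r'(?:^|[{;\n])\s*"?' + re.escape(header) + r'"?\s*[=:]\s*\S'
    return re.search(pat, body) is not None


def find_csrf_bypass(conf):
    """Report every bypassHeaders block that whitelists both headers."""
    findings = []
    for line, body in bypass_header_blocks(conf):
        hits = [h for h in ("X-Requested-With", "Csrf-Token") if header_is_bypassed(body, h)]
        if len(hits) == 2:
            findings.append({"line": line, "headers": hits})
    return findings
```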
Vulnerable code example
play.filters.csrf {
  header {
    bypassHeaders { # Vulnerable: Allows CSRF bypass by accepting any value for headers
      X-Requested-With = "*"
      Csrf-Token = "nocheck"
    }
    protectHeaders = null # Vulnerable: Disables CSRF header protection
  }
}
✅ Secure code example
play.filters.csrf {
  header {
    bypassHeaders = {} # Empty to prevent CSRF bypass through headers
    protectHeaders = ["Origin", "X-Requested-With"] # Enable header protection with secure defaults
  }
  bypassCorsTrustedOrigins = false # Explicitly disable CORS bypass
  method {
    whiteList = ["GET", "HEAD", "OPTIONS"] # Only allow safe methods that don't modify state
  }
}