Disable CSRF for Specific Actions or Form Fields Fields in CakePHP4

Disable CSRF for Specific Actions or Form Fields Fields in CakePHP4

cakephpcake4

Disable CSRF for Specific Actions or Form Fields Fields in CakePHP4

Examples for disabling CSRF actions and form fields in CakePHP4:

In the src/Application.php

//disable CSRF for 
$csrf = new CsrfProtectionMiddleware(['httponly'=>true]);
$csrf->skipCheckCallback(function($request) {  
 //  .. return true when you want to disable CSRF checks
}

 

Unlock an Action in CakePHP4:

in src/Controller/ControllerYouName.php

    public function initialize(): void {
        parent::initialize();
        $this->loadComponent('Security');
        $this->Security->setConfig('unlockedActions', ['youraction']);

        ...

 

Unlock a Form Field in CakePHP 4:
This can be useful when posting captcha or payment keys generated by 3rd parties.

//inside your form
<?php $this->Form->unlockField('your_field_name'); ?>

 

Share this Post

Author

Avatar for mike knebel

mike knebel

Software Developer - Websites, Mobile Apps. Owner of Logistics Logic, 307WEB and 405Software
@mknebel   MikeKnebel