Disable CSRF for Specific Actions or Form Fields in CakePHP4


Examples for disabling CSRF checks for specific actions and form fields in CakePHP 4:

In src/Application.php:

use Cake\Http\Middleware\CsrfProtectionMiddleware;

// Disable CSRF checks for the requests the callback matches
$csrf = new CsrfProtectionMiddleware(['httponly' => true]);
$csrf->skipCheckCallback(function ($request) {
    // ... return true when you want to disable CSRF checks
});
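
A narrowly scoped version of that callback, as an added example (not code from the original post): it exempts only an explicit allow-list of controller/action pairs and keeps the check for everything else. The `Webhooks` / `paymentCallback` names are hypothetical, and the example assumes the exempted endpoint authenticates its callers some other way, such as a provider signature.

```php
<?php
declare(strict_types=1);

namespace App;

use Cake\Http\BaseApplication;
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Http\MiddlewareQueue;
use Cake\Http\ServerRequest;
use Cake\Routing\Middleware\RoutingMiddleware;

class Application extends BaseApplication
{
    // Hypothetical allow-list: controller => actions that skip the CSRF check.
    private const CSRF_EXEMPT = [
        'Webhooks' => ['paymentCallback'],
    ];

    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        $csrf = new CsrfProtectionMiddleware(['httponly' => true]);
        $csrf->skipCheckCallback(function (ServerRequest $request): bool {
            // Default deny: plugin and prefixed routes always keep the check.
            if ($request->getParam('plugin') || $request->getParam('prefix')) {
                return false;
            }
            $controller = (string)$request->getParam('controller');
            $action = (string)$request->getParam('action');

            // Strict comparison against the allow-list; anything unlisted is checked.
            return in_array($action, self::CSRF_EXEMPT[$controller] ?? [], true);
        });

        // Routing must run first, otherwise getParam() has no route data
        // and the callback can never match.
        $middlewareQueue
            ->add(new RoutingMiddleware($this))
            ->add($csrf);

        return $middlewareQueue;
    }
}
```

The middleware skips the check only when the callback returns exactly `true`, so a callback that falls through without a return value leaves CSRF protection on.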

 

Unlock an Action in CakePHP4:

In src/Controller/ControllerYourName.php:

    public function initialize(): void
    {
        parent::initialize();
        $this->loadComponent('Security');
        // Exempt this action from the Security component's checks
        $this->Security->setConfig('unlockedActions', ['youraction']);

        // ...
    }

 

Unlock a Form Field in CakePHP 4:
This can be useful when posting captcha or payment keys generated by 3rd parties.

//inside your form
<?php $this->Form->unlockField('your_field_name'); ?>

 
