CakePHP4 - Skip CSRF Check for Prefixes With Api

When CSRF protection is enabled globally in your Application.php file in CakePHP 4 and you want to skip the CSRF check for routes under the 'Api' prefix, add the following:

In your Application.php file

// $csrf is the CsrfProtectionMiddleware instance.
$csrf->skipCheckCallback(function ($request) {
    // ...

    // Skip token check for API URLs.
    if ($request->getParam('prefix') === 'Api') {
        return true;
    }

    // ...
});
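A fuller version of the callback above, as an added example rather than code from the original post: it shows the middleware order that `getParam('prefix')` depends on, also matches nested prefixes such as 'Api/V1', and skips the check only for requests carrying a bearer token. The bearer-token condition and the reduced middleware queue are assumptions about the application; an API that authenticates with the session cookie should keep the CSRF check.

```php
<?php
declare(strict_types=1);

namespace App;

use Cake\Http\BaseApplication;
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Http\MiddlewareQueue;
use Cake\Routing\Middleware\RoutingMiddleware;

class Application extends BaseApplication
{
    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        $csrf = new CsrfProtectionMiddleware(['httponly' => true]);

        $csrf->skipCheckCallback(function ($request): bool {
            // The routing param is null until RoutingMiddleware has run.
            $prefix = (string)$request->getParam('prefix');

            // Matches 'Api' and nested prefixes such as 'Api/V1',
            // but not an unrelated prefix like 'Apiary'.
            $isApi = $prefix === 'Api' || strpos($prefix, 'Api/') === 0;

            // Assumption: API clients authenticate with a bearer token.
            // A browser does not attach this header to a cross-site form
            // post, so such requests are not exposed to CSRF.
            $auth = $request->getHeaderLine('Authorization');
            $hasBearer = stripos($auth, 'Bearer ') === 0;

            return $isApi && $hasBearer;
        });

        // Other middleware from the app skeleton is omitted here.
        // The CSRF middleware must come after routing, otherwise the
        // prefix is never set and the callback never skips the check.
        $middlewareQueue
            ->add(new RoutingMiddleware($this))
            ->add($csrf);

        return $middlewareQueue;
    }
}
```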

 
