Skip to content

Instantly share code, notes, and snippets.

@magecommerce

magecommerce/CsrfValidatorSkip.php

Forked from ananth-iyer/CsrfValidatorSkip.php
Created October 14, 2021 08:57
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save magecommerce/3bdc6eac6e77a028c55d067c96489591 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save magecommerce/3bdc6eac6e77a028c55d067c96489591 to your computer and use it in GitHub Desktop.
Download ZIP
Magento 2.3.0: Implement below code to skip the CSRF check on your custom route called outside Magento environment. This implementation does not break core frontend/adminhtml routes, Magento 2.3/2.2/2.1 web stores.
Raw
CsrfValidatorSkip.php
<?php
namespace Vendor\Module\Plugin;
class CsrfValidatorSkip
{
/**
* @param \Magento\Framework\App\Request\CsrfValidator $subject
* @param \Closure $proceed
* @param \Magento\Framework\App\RequestInterface $request
* @param \Magento\Framework\App\ActionInterface $action
*/
public function aroundValidate(
$subject,
\Closure $proceed,
$request,
$action
) {
/* Magento 2.1.x, 2.2.x */
if ($request->getModuleName() == 'Your_Module_frontName_Here') {
return; // Skip CSRF check
}
/* Magento 2.3.x */
if (strpos($request->getOriginalPathInfo(), 'Add_Controller_frontName') !== false) {
return; // Skip CSRF check
}
$proceed($request, $action); // Proceed Magento 2 core functionalities
}
}
Raw
di.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
<type name="Magento\Framework\App\Request\CsrfValidator">
<plugin name="csrf_validator_skip" type="Vendor\Module\Plugin\CsrfValidatorSkip" />
</type>
</config>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment