PHPFixing

Saturday, January 1, 2022

[FIXED] CakePHP 3.6.10 disable completely CSRF token check

cakephp-3.0

Issue

I need to completely disable the control of the CSRF token for my application. I tried to use:

    public function beforeFilter(Event $event)
    {
      $this->getEventManager()->off($this->Csrf);
    }

In AppController but it does not seem to work. Manual link: Disabling the CSRF Component for Specific Actions

I did a lot of tests and read many posts, but I could not solve it.

Ty.

@omerowitz This is my AppController before filter action:

    public function beforeFilter(Event $event)
    {
        $this->getEventManager()->off($this->Security);
        if($this->request->is('post')) {
            $this->getEventManager()->off($this->Csrf);
        }
        $this->Auth->allow(['index', 'view', 'display']);
    }

But it still does not work; I still have the error 'CSRF token mismatch.' when I make a request with Postman.

SOLUTION:

I have removed this:

    ->add(new CsrfProtectionMiddleware([
        'httpOnly' => true
    ]));

From Application.php. Why is this not indicated in the manual?

Ty all!


Solution

I think in Cake 3.6 you should remove CsrfProtectionMiddleware from the middleware queue: src/Application.php



Answered By - Dariusz Majchrzak
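
When only some endpoints need to skip the token check (for example an API exercised from Postman), the middleware can be attached to route scopes instead of being dropped for the whole application. The following is an added example, not code from the question or the answer; it uses `RouteBuilder::registerMiddleware()` and `applyMiddleware()` (available since CakePHP 3.5) and assumes the 3.6 behaviour where scoped middleware is attached to the routes in the scope. The `/api` prefix and the `Articles` controller are hypothetical.

```php
<?php
// config/routes.php (added example, not part of the original post).
// Assumes CsrfProtectionMiddleware has already been removed from the
// middleware queue in src/Application.php, as the answer describes.
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Routing\RouteBuilder;
use Cake\Routing\Router;
use Cake\Routing\Route\DashedRoute;

// Browser-facing routes: requests here carry a session cookie, so the
// CSRF token check stays enabled for every route in this scope.
Router::scope('/', function (RouteBuilder $routes) {
    // Same option the question's Application.php passed to the middleware.
    $routes->registerMiddleware('csrf', new CsrfProtectionMiddleware([
        'httpOnly' => true,
    ]));
    $routes->applyMiddleware('csrf');

    $routes->connect('/', ['controller' => 'Pages', 'action' => 'display', 'home']);
    $routes->fallbacks(DashedRoute::class);
});

// Hypothetical API scope: 'csrf' is not applied here, so POST requests
// without a token are accepted. This is only appropriate when these
// endpoints authenticate with a header credential (API key, bearer token)
// and never with the browser's session cookie.
Router::scope('/api', function (RouteBuilder $routes) {
    $routes->setExtensions(['json']);
    $routes->resources('Articles'); // hypothetical controller
});
```

A POST without a token to a route in the `/` scope should still return 'CSRF token mismatch.', while the same request to `/api/articles.json` should reach the controller; checking both confirms the scoping works on the installed version.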