Last active October 30, 2023 10:33
Magento 2.3.0: Implement the code below to skip the CSRF check on a custom route that is called from outside the Magento environment. This implementation does not break core frontend/adminhtml routes on Magento 2.3/2.2/2.1 web stores.
```php
<?php
namespace Vendor\Module\Plugin;

class CsrfValidatorSkip
{
    /**
     * @param \Magento\Framework\App\Request\CsrfValidator $subject
     * @param \Closure $proceed
     * @param \Magento\Framework\App\RequestInterface $request
     * @param \Magento\Framework\App\ActionInterface $action
     */
    public function aroundValidate(
        $subject,
        \Closure $proceed,
        $request,
        $action
    ) {
        /* Magento 2.1.x, 2.2.x */
        if ($request->getModuleName() == 'Your_Module_frontName_Here') {
            return; // Skip CSRF check
        }
        /* Magento 2.3.x */
        // strpos() matches every request whose path contains this string anywhere
        if (strpos($request->getOriginalPathInfo(), 'Add_Controller_frontName') !== false) {
            return; // Skip CSRF check
        }
        $proceed($request, $action); // Proceed Magento 2 core functionalities
    }
}
```
```xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\Framework\App\Request\CsrfValidator">
        <plugin name="csrf_validator_skip" type="Vendor\Module\Plugin\CsrfValidatorSkip" />
    </type>
</config>
```
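A narrower alternative to the global plugin, as an added example that is not part of the gist: on Magento 2.3 or later the controller itself can implement `CsrfAwareActionInterface`, so only that one action replaces the form-key check, here with an HMAC over the request body. `Vendor\Module`, the `Webhook\Receive` controller, the `X-Signature` header and the `vendor_module/webhook/secret` config path are assumptions.

```php
<?php
// Added example, not the gist's code. Assumes Magento 2.3 or later.
// Hypothetical names: Vendor\Module, the Webhook\Receive controller,
// the X-Signature header and the vendor_module/webhook/secret config path.
declare(strict_types=1);

namespace Vendor\Module\Controller\Webhook;

use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\Request\Http;
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\Controller\Result\RawFactory;

class Receive implements HttpPostActionInterface, CsrfAwareActionInterface
{
    private $config;
    private $rawFactory;

    public function __construct(ScopeConfigInterface $config, RawFactory $rawFactory)
    {
        $this->config = $config;
        $this->rawFactory = $rawFactory;
    }

    // Called by the core CsrfValidator in place of the form-key check.
    public function validateForCsrf(RequestInterface $request): ?bool
    {
        $secret = (string) $this->config->getValue('vendor_module/webhook/secret');
        if ($secret === '' || !$request instanceof Http) {
            return false; // fail closed when no secret is configured
        }
        $expected = hash_hmac('sha256', (string) $request->getContent(), $secret);
        return hash_equals($expected, (string) $request->getHeader('X-Signature'));
    }

    // Reject with 403 instead of the validator's default response.
    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
    {
        $result = $this->rawFactory->create()->setContents('Invalid signature');
        return new InvalidRequestException($result->setHttpResponseCode(403));
    }

    public function execute()
    {
        return $this->rawFactory->create()->setContents('OK');
    }
}
```

With this in place no plugin on `CsrfValidator` is needed, and every other route keeps the stock form-key validation.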
Sorry to bother, but unfortunately I'm not able to implement your solution (and in effect it's exactly what I need. So thank you in advance!)
- Created Directory app/code/MyVendorName
- Created Directory app/code/MyVendorName/MyModuleName
- Created Directory app/code/MyVendorName/MyModuleName/etc
- Created file app/code/MyVendorName/MyModuleName/etc/di.xml and copied the contents you provided here (adapted `<plugin name="csrf_validator_skip" type="MyVendorName\MyModuleName\Plugin\CsrfValidatorSkip" />`)
- Created Directory app/code/MyVendorName/MyModuleName/Plugin
- Created file app/code/MyVendorName/MyModuleName/Plugin/CsrfValidatorSkip.php and copied the contents you provided here (adapted `namespace MyVendorName\MyModuleName\Plugin` and also changed Add_Controller_frontName)
Then I've run:
bin/magento setup:upgrade && bin/magento setup:di:compile
How can I determine if the plugin works or not? Or better, how can I know if the Plugin is loaded or not? I still receive a 302 response when I try to POST data to https://mysite.com/Add_Controller_frontName.
Magento version is 2.3.6-p1
Thank you for your contribution and for your help
Perfect solution! thanks mate
Hi All, here is another gist to easily enable/disable Xdebug on local - https://gist.github.com/ananth-iyer/cc45380c5f722aedd35a3e9a40ed8c35
Works on Magento 2.4. Thanks.