XF 2.2 Disable CSRF protection for single URL?

mjda · Aug 26, 2021

I'm using a web hook that will POST to a page on my site. Unfortunately, I can't set the CSRF on the hook keeps getting rejected by XF. Is there a way I can disable the CSRF protection on this particular URL only, but still have it active on the rest of the site?

iNnOceNtbOy · Aug 3, 2023

mattrogowski · Aug 3, 2023

In the controller:

PHP:

public function checkCsrfIfNeeded($action, ParameterBag $params)
{
    if ($action == 'ActionName') {
        return false;
    }

    return parent::checkCsrfIfNeeded($action, $params);
}

Swap out ActionName for the name of the action.

iNnOceNtbOy · Aug 3, 2023

mattrogowski said:
In the controller:

PHP:

public function checkCsrfIfNeeded($action, ParameterBag $params) { if ($action == 'ActionName') { return false; } return parent::checkCsrfIfNeeded($action, $params); }

Swap out ActionName for the name of the action.

Hi, Thanks for such quick reply, But I already tried this solution, But response is still same. Invalid Token. I'm working for file manager for admin panel. Is there any other requirement for admin panel csrf ?

mattrogowski · Aug 3, 2023

If it doesn't work then you must be doing something wrong, the same function is used in the admin controllers if you search the codebase. You're likely not checking the correct action name.

iNnOceNtbOy · Aug 3, 2023

mattrogowski said:
If it doesn't work then you must be doing something wrong, the same function is used in the admin controllers if you search the codebase. You're likely not checking the correct action name.

Ah my Bad, that was script error. This feature worked actually. Thanks

XF 2.2 Disable CSRF protection for single URL?

mjda

Well-known member

mattrogowski

iNnOceNtbOy

Member

mattrogowski

Well-known member

iNnOceNtbOy

Member

mattrogowski

Well-known member

iNnOceNtbOy

Member

Similar threads

We value your privacy