XF 2.0 Disable CSRF protection on login & register

Jean-Baptiste

Jean-Baptiste

Well-known member
Hello,

I would like to disable CSRF protection for login & registration actions.

Any ideas on how to do this ?

Best regards
 
Add the following function to the controller (ideally extend with an add-on to preserve the override):

PHP: 
public function checkCsrfIfNeeded($action, ParameterBag $params)
{
    if (strtolower($action) == 'the-action')
    {
        return;
    }

    parent::checkCsrfIfNeeded($action, $params);
}

If you want to disable it for the entire controller, just override with a blank function.

What's the use case? It's generally not a good idea to disable it unless you really have to.
 
You must log in or register to reply here.

Similar threads

mjda
  • Solved
XF 2.2 Disable CSRF protection for single URL?
Replies
5
Views
507
iNnOceNtbOy
iNnOceNtbOy
eva2000
  • Suggestion Suggestion
Compatibility for CSRF protection & Cloudflare full HTML page caching
2
Replies
30
Views
4K
digitalpoint
digitalpoint
researcher
XF 2.1 How can I disable the CSRF protection?
Replies
4
Views
984
researcher
researcher
Kent
  • Suggestion Suggestion
Implemented Censor "password" and "password_confirm" on login/register errors
Replies
0
Views
708
Kent
Kent
Deepmartini
  • Question Question
Show teaser content from thread on login/registration page?
Replies
0
Views
757
Deepmartini
Deepmartini
Top Bottom