XF 2.1 How to skip CSRF token for a specific route?

[sajal]

I have a custom POST route which is called from third party, so it's not possible to pass CSRF token. How to skip it? Because when I try to call it, it gives me 400 bad request security error.

 

[Moritz Zimmerman]

Were you able to solve this problem? I'm going through the same thing.

 

[Jeremy P]

Be sure you understand the security implications, then override the controller method which checks it:

/**
 * @param string $action
 */
public function checkCsrfIfNeeded($action, ParameterBag $params)
{
    if (strtolower($action) == 'some-action')
    {
        return;
    }

    parent::checkCsrfIfNeeded($action, $params);
}

 

[MentaL]

Couldn't you not just use a CF rule to bypass on a specific target url?