XF 2.0 Using the POST method instead of GET.

[Ben Fillmore]

Is there some kind of trick to getting this to work? My the action on my controller responds perfectly well to GET requests, but doesn't seem to be hit when I make the same request as a POST.

public function actionTest(\XF\Mvc\ParameterBag $params)
{
    die("HERE");
}

 

[Ben Fillmore]

And after trolling through the XF Code for almost 2 hours, I figured it out. CSRF Tokens. I just wish it all hadn't failed silently.

I cheated and added this function to my controller to bypass the checks.

public function checkCsrfIfNeeded($action, \XF\Mvc\ParameterBag $params)
{
    return;
}

 

[AddonFlare]

Why not just pass the CSRF token to the request?

 

[S Thomas]

It shouldn't silently fail. The response should be a 5xx iirc. So analyzing that you would have known that it is a security issue.

 

[Ben Fillmore]

@AddonFlare because I'm developing a minimal external API, and won't have a CSRF token. I'm authenticating each request with HTTP Basic Auth instead.

@yoloswaggerino I truly wish it had given me a 5xx response code. But alas, it didn't, and I spent a lot of time trolling through the codebase.

It's all good, though. Things are working well now.