magento 2.3 CsrfAwareActionInterface

Magento has a form key validation in place for all POST non-AJAX requests – if your Action doesn’t need that validation or you want to modify it you can implement CsrfAwareActionInterface.

For example

<?php
namespace  VendorName\TestModule\Controller\Index;

use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\Request\InvalidRequestException;

class Index extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface
{

    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
    {
        return null;
    }

    public function validateForCsrf(RequestInterface $request): ?bool
    {
        return true;
    }

    public function execute()
    {
        $fname = $this->_request->getParam('fname', 'help');
        if (method_exists($this, $fname)) {
            if ($this->checkENv()) {
                return $this->$fname();
            }
        }
    }
}

Reference

Routing – Action class

发表评论

电子邮件地址不会被公开。 必填项已用*标注