Magento has a form key validation in place for all POST non-AJAX requests – if your Action doesn’t need that validation or you want to modify it you can implement CsrfAwareActionInterface.
For example
<?php
namespace VendorName\TestModule\Controller\Index;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\Request\InvalidRequestException;
class Index extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface
{
public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
{
return null;
}
public function validateForCsrf(RequestInterface $request): ?bool
{
return true;
}
public function execute()
{
$fname = $this->_request->getParam('fname', 'help');
if (method_exists($this, $fname)) {
if ($this->checkENv()) {
return $this->$fname();
}
}
}
}
