Magento has a form key validation in place for all POST non-AJAX requests - if your Action doesn’t need that validation or you want to modify it you can implement CsrfAwareActionInterface. For example
use Magento\Framework\App\CsrfAwareActionInterface; use Magento\Framework\App\RequestInterface; use Magento\Framework\App\Request\InvalidRequestException;
class Index extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface {
public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException { return null; }
public function validateForCsrf(RequestInterface $request): ?bool { return true; }
public function execute() { $fname = $this->_request->getParam('fname', 'help'); if (method_exists($this, $fname)) { if ($this->checkENv()) { return $this->$fname(); } } } }