Craft CMS Asked on August 12, 2021
I have a Craft 3 installation and want to add a tab/app to Facebook like domain.com/facebook
Facebook sends a post request to the configured secure tab URL. Now when Craft’s CSRF protection is enabled, Craft gives an error. If I disable CSRF protection the tab shows up in Facebook.
I don’t want to disable CSRF – what could i do… plugin with a controller to render the template?
You can disable the token for a certain controller via
use Craft;
...
Yii::$app->controller->enableCsrfValidation = false;
or inside a Controller for a certain request
/**
* @inheritdoc
*/
public function beforeAction($action)
{
if ($action->id == 'my-method') {
$this->enableCsrfValidation = false;
}
return parent::beforeAction($action);
}
Take a look at $enableCsrfValidation property of yiiwebController.
Answered by Robin Schambach on August 12, 2021
Try to disable the CSRF protection by event
use Yii;
use yiibaseActionEvent;
use yiibaseEvent;
use yiiwebController;
Event::on(Controller::class, Controller::EVENT_BEFORE_ACTION, function (ActionEvent $actionEvent) {
if ($actionEvent->action->id == 'facebook') {
Yii::$app->controller->enableCsrfValidation = false;
}
});
Answered by Mostafa Soufi on August 12, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP