If you have added API prefix routing and want to disable CSRF protection for POST and PUT API requests, follow the steps below.
First, add API prefix routing to config/routes.php:
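    $routes->prefix('api', function (RouteBuilder $routes): void {
        // Allow .json and .xml extensions on API URLs.
        $routes->setExtensions(['json', 'xml']);
        // POST /api/token is handled by UsersController::token().
        $routes->connect(
            '/token',
            ['controller' => 'Users', 'action' => 'token']
        )->setMethods(['POST']);
        // RESTful resource routes for the Users and Pages controllers.
        $routes->resources('Users');
        $routes->resources('Pages');
    });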
Now update src/Application.php.
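    public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
    {
        $csrf = new CsrfProtectionMiddleware(['httponly' => true]);
        // Disable CSRF for API.
        // Token check will be skipped when callback returns `true`.
        $csrf->skipCheckCallback(function ($request) {
            // Skip token check for API URLs.
            if ($request->getParam('prefix') === 'Api') {
                return true;
            }

            // Every other request keeps the CSRF token check.
            return false;
        });

        // Routing middleware must already be in the queue before $csrf,
        // otherwise the 'prefix' parameter is not set when the callback runs.
        $middlewareQueue
            // ... other middleware ...
            ->add($csrf);

        return $middlewareQueue;
    }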
I tried the above code and it is working.
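
To confirm that the skip applies only to the Api prefix and that every other request still fails without a token, the middleware can be exercised directly in a PHPUnit test. This is an added example, not code from the original post; the class name, namespace and the 'Admin' prefix are hypothetical, and the requests are constructed by hand rather than routed.

```php
<?php
namespace App\Test\TestCase;

use Cake\Http\Exception\InvalidCsrfTokenException;
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Http\Response;
use Cake\Http\ServerRequest;
use Cake\TestSuite\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

// Hypothetical test class; the callback is equivalent to the one in middleware().
class ApiCsrfSkipTest extends TestCase
{
    // Runs a constructed POST that carries no CSRF cookie or token through the
    // middleware. $prefix stands in for the parameter RoutingMiddleware sets.
    private function sendPost(?string $prefix): ResponseInterface
    {
        $csrf = new CsrfProtectionMiddleware(['httponly' => true]);
        $csrf->skipCheckCallback(function ($request) {
            return $request->getParam('prefix') === 'Api';
        });
        $request = new ServerRequest([
            'environment' => ['REQUEST_METHOD' => 'POST'],
            'params' => ['prefix' => $prefix],
        ]);
        // Stand-in for the rest of the application: always answers 200.
        $next = new class implements RequestHandlerInterface {
            public function handle(ServerRequestInterface $request): ResponseInterface
            {
                return new Response();
            }
        };

        return $csrf->process($request, $next);
    }

    public function testApiPrefixSkipsTokenCheck(): void
    {
        $this->assertSame(200, $this->sendPost('Api')->getStatusCode());
    }

    public function testOtherPrefixesStillRequireToken(): void
    {
        $this->expectException(InvalidCsrfTokenException::class);
        $this->sendPost('Admin');
    }
}
```

The second test is the one to keep an eye on: if it ever stops throwing, the skip condition has become broader than the API prefix.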