TransWikia.com

Craft CSRF protection and Facebook Tab

Craft CMS Asked on August 12, 2021

I have a Craft 3 installation and want to add a tab/app to Facebook like domain.com/facebook

Facebook sends a post request to the configured secure tab URL. Now when Craft’s CSRF protection is enabled, Craft gives an error. If I disable CSRF protection the tab shows up in Facebook.

I don’t want to disable CSRF – what could I do… plugin with a controller to render the template?

2 Answers

You can disable the token for a certain controller via

use Yii;
// ...
// Turn off CSRF validation on the controller handling the current request
Yii::$app->controller->enableCsrfValidation = false;

or inside a Controller for a certain request

/**
 * @inheritdoc
 */
public function beforeAction($action)
{
    // Skip CSRF validation only for this one action; all others stay protected.
    if ($action->id == 'my-method') {
        $this->enableCsrfValidation = false;
    }

    return parent::beforeAction($action);
}

Take a look at the $enableCsrfValidation property of yii\web\Controller.

Answered by Robin Schambach on August 12, 2021

Try to disable the CSRF protection by event

use Yii;
use yii\base\ActionEvent;
use yii\base\Event;
use yii\web\Controller;

Event::on(Controller::class, Controller::EVENT_BEFORE_ACTION, function (ActionEvent $actionEvent) {
    if ($actionEvent->action->id == 'facebook') {
        Yii::$app->controller->enableCsrfValidation = false;
    }
});

Answered by Mostafa Soufi on August 12, 2021
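
If CSRF validation is switched off for the Facebook action as in the answers above, the request can instead be authenticated through the signed_request field that Facebook includes in the Page Tab POST, an HMAC-SHA256 over the payload keyed with the app secret. The following is an added example, not code from either answer or from Craft; the helper names, the secret and the sample payload are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. parseSignedRequest() and base64UrlDecode() are hypothetical
// helper names; the secret and payload at the bottom are constructed samples.

/** Decode the unpadded base64url encoding used by signed_request. */
function base64UrlDecode(string $data): ?string
{
    $padded = str_pad($data, strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    return $decoded === false ? null : $decoded;
}

/** Return the decoded payload if the HMAC checks out, otherwise null. */
function parseSignedRequest(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $encodedPayload] = $parts;

    $sig = base64UrlDecode($encodedSig);
    $json = base64UrlDecode($encodedPayload);
    if ($sig === null || $json === null) {
        return null;
    }

    $payload = json_decode($json, true);
    if (!is_array($payload) || ($payload['algorithm'] ?? '') !== 'HMAC-SHA256') {
        return null;
    }

    // The MAC covers the encoded payload string, keyed with the app secret.
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    return hash_equals($expected, $sig) ? $payload : null;
}

// Constructed sample: build a signed_request the way the sender would.
$b64url = fn(string $raw): string => rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
$secret = 'example-app-secret';
$body = $b64url(json_encode(['algorithm' => 'HMAC-SHA256', 'issued_at' => 1628726400]));
$signed = $b64url(hash_hmac('sha256', $body, $secret, true)) . '.' . $body;

var_dump(parseSignedRequest($signed, $secret) !== null);         // correct secret
var_dump(parseSignedRequest($signed, 'wrong-secret') !== null);  // wrong secret
var_dump(parseSignedRequest('not-a-signed-request', $secret) !== null); // malformed
```

In the controller action, pass the signed_request POST parameter and the app secret from configuration, and refuse to render the tab when the function returns null.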
