FriendsOfCake / crud-json-api

Build advanced JSON API Servers with almost no code.
https://crud-json-api.readthedocs.io/
MIT License
56 stars 32 forks

Dealing with CSRF middleware #96

Closed mosesliao closed 5 years ago

mosesliao commented 5 years ago

I keep getting this CSRF token mismatch via an API call. Is there a way to handle it in a graceful way? I heard that disabling it is not advisable. I am using this library plus this code:

    public function add()
    {
        $location = $this->Locations->newEntity();
        if ($this->request->is('post')) {
            $location->code = $this->request->getData('code');
            $location->name = $this->request->getData('name');
            if ($this->Locations->save($location)) {
                $this->set([
                    'success' => true,
                    '_serialize' => ['success']
                ]);
            }
        }
    }

ADmad commented 5 years ago

Just don't use the CSRF middleware for API URLs. A stateless API can't suffer from CSRF.
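
An added example, not part of the thread or of the project's own code, showing one way to scope the CSRF middleware as the reply above suggests. It assumes CakePHP 3.6 or later on the 3.x line (route-scoped, double-pass middleware), an `/api` path, and a hypothetical `bearerOnly` guard that keeps the API scope header-authenticated; verifying the token itself is assumed to happen elsewhere.

```php
<?php
// config/routes.php -- added example, assumes CakePHP 3.6+ (3.x middleware signature).
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Cake\Routing\RouteBuilder;
use Cake\Routing\Router;

// API scope (the '/api' path is an assumption). The 'csrf' middleware is never
// applied here, so API clients are not asked for a CSRF token.
Router::scope('/api', function (RouteBuilder $routes) {
    // Hypothetical guard: skipping CSRF is only safe while requests are
    // authenticated by something a browser does not attach on its own.
    // Cookies and cached HTTP Basic credentials are sent automatically on
    // cross-site requests; a Bearer token header is not.
    $routes->registerMiddleware('bearerOnly', function ($request, $response, $next) {
        if (stripos($request->getHeaderLine('Authorization'), 'Bearer ') !== 0) {
            return $response->withStatus(401);
        }

        return $next($request, $response);
    });
    $routes->applyMiddleware('bearerOnly');

    $routes->setExtensions(['json']);
    $routes->resources('Locations');
});

// Browser scope: session/cookie authentication, so CSRF protection stays on.
Router::scope('/', function (RouteBuilder $routes) {
    $routes->registerMiddleware('csrf', new CsrfProtectionMiddleware([
        'httpOnly' => true,
    ]));
    $routes->applyMiddleware('csrf');

    $routes->connect('/', ['controller' => 'Pages', 'action' => 'display', 'home']);
});
```

If `CsrfProtectionMiddleware` is also added to the global queue in `src/Application.php`, it runs for every URL regardless of these scopes, so it has to be registered in one place only.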