
I am attempting to post an AJAX request to a controller method...

I have done the following per the instructions on https://book.cakephp.org/3.0/en/controllers/components/csrf.html#csrf-protection-and-ajax-requests

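```php
public function beforeFilter(Event $event)
{
    // Exempt galleryReorder from the SecurityComponent's checks.
    $this->Security->config('unlockedActions', ['galleryReorder']);

    // Detach the CsrfComponent's event listeners for this action only.
    if (in_array($this->request->action, ['galleryReorder'])) {
        $this->eventManager()->off($this->Csrf);
    }

    return parent::beforeFilter($event);
}
```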

However, the beforeFilter method does not seem to be firing, and I continue to get a CSRF Token Mismatch...

Any ideas on what I could be doing wrong?

Thank you

Jeffrey L. Roberts
  • Are you using the CSRF middleware? If so, the solution for skipping CSRF protection on a request is quite different. – Greg Schmidt Feb 23 '19 at 17:49
  • I believe I am, how do I go about skipping the middleware csrf protection? – Jeffrey L. Roberts Feb 23 '19 at 18:46
  • Possible duplicate of [Disabling CSRF on a specific action CakePHP 3](https://stackoverflow.com/questions/31018156/disabling-csrf-on-a-specific-action-cakephp-3) – Greg Schmidt Feb 23 '19 at 21:21
  • Check the second answer. – Greg Schmidt Feb 23 '19 at 21:21
  • @GregSchmidt That's not an overly good example though, as accessing superglobals directly should be avoided whenever possible - unless of course you _want_ to mess up the test environment ;) Not that I want to shill for myself, but check for example **https://stackoverflow.com/questions/47714940/cakephp-3-5-6-disable-csrf-middleware-for-controller** for an idea on how to use routes and custom middlewares to apply CSRF protection partially/conditionally. – ndm Feb 24 '19 at 14:59
  • Good point, I didn't look closely enough at the implementation details there, just the broad strokes. – Greg Schmidt Feb 24 '19 at 17:30

0 Answers