cakephp CSRF token Bypass

Question

I am very new to PHP and having little knowledge about cakePHP

I am trying to pass some sensitive information using POST method from site1.com to site2.com.

But the Problem is with CSRF protection at site2.com, it shows CSRF token Mismatch whenever i tried to pass post parameter to site2.com from site1.com.

I wanted to know how to bypass this csrf protection.. Is there any way to bypass only for this specific post parameter or domain? or Is there anyway to generate token at site1.com and verify at site2.com using get method?

Why do you enable csrf protection and then try to backdoor it? Thats a security issue. It makes no sense to enable a feature and then back door it. — Code Spirit, Jun 29 '20 at 11:37
If there were a method to generate a token on site1 to work on site2, it would defeat the purpose of CSRF protection since CSRF protection is specifically to _prevent_ cross-site requests. If you don't need it, then remove it. — M. Eriksson, Jun 29 '20 at 11:44

score 0 · Answer 1 · answered Jun 29 '20 at 11:43

0

Remove CsrfProtectionMiddleware from middleware queue: src/Application.php

Answered here CakePHP 3.6.10 disable completely CSRF token check

answered Jun 29 '20 at 11:43

Chilarai

1,842
2
15
33

cakephp CSRF token Bypass

1 Answers1