Uniform: Deactivate CSRF check for headless usecases


I use Kirby completely decoupled which means, my front-end only communicates via the API with Kirby and for forms, sending the POST from a HTML form to the php backend, therefore, can’t make use of the CSRF (at least, not in a way I would be aware) as I have no way to retrieve it in a statically generated HTML environment.

Is there a way to deactivate the CSRF token check in a controller using Uniform?

I first thought you could just remove the token field, but looking at the source code, an empty token would not validate, either.
Ping @mzur

There is no option to disable the CSRF token check in Uniform. This would need to be added as new feature to kirby-form. I’d be happy to accept a pull request for this.