Uniform: Deactivate CSRF check for headless usecases


I use Kirby completely decoupled which means, my front-end only communicates via the API with Kirby and for forms, sending the POST from a HTML form to the php backend, therefore, can’t make use of the CSRF (at least, not in a way I would be aware) as I have no way to retrieve it in a statically generated HTML environment.

Is there a way to deactivate the CSRF token check in a controller using Uniform?

I first thought you could just remove the token field, but looking at the source code, an empty token would not validate, either.
Ping @mzur

There is no option to disable the CSRF token check in Uniform. This would need to be added as new feature to kirby-form. I’d be happy to accept a pull request for this.

@mzur See Conditionally bypass CSRF validation by bvdputte · Pull Request #16 · mzur/kirby-form · GitHub & Bypass csrf validation by bvdputte · Pull Request #232 · mzur/kirby-uniform · GitHub for PR’s.

Thanks a lot for the awesome plugin, Martin :raised_hands: