How To Bypass CSRF Validation For Certain Requests In Magento 2
As per Wikipedia,
Cross-site request forgery, also known as one-click attack or session riding or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.
In simpler terms, in a CSRF attack a user is tricked into submitting a web request they did not intend to make.
Magento 2 protects against CSRF attacks by validating a form key on incoming requests. However, there are certain scenarios where one needs to bypass this CSRF validation for particular requests in Magento 2.
For example, I had to implement a feature where the user is redirected to the home page after a successful payment in a custom payment method, but the request failed with an “Invalid Form Key” error.
This error occurs when the form key (the CSRF token Magento 2 sends with its forms) has either expired or was implemented incorrectly. To solve the “Invalid Form Key” error, follow the method below:
Method to bypass CSRF validation for certain requests in Magento 2:
```php
<?php
namespace Vendor\Extension\Controller\Checkout;

use Magento\Framework\App\Action;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;

class Response extends Action\Action implements CsrfAwareActionInterface
{
    public function __construct(
        Action\Context $context
    ) {
        parent::__construct($context);
    }

    public function execute()
    {
        // Redirect to the home page after the payment response is received.
        return $this->resultRedirectFactory->create()->setPath('/');
    }

    // Returning null tells Magento to raise its default "Invalid Form Key"
    // exception if validation fails.
    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
    {
        return null;
    }

    // Returning true skips the form-key check for every request to this action.
    public function validateForCsrf(RequestInterface $request): ?bool
    {
        return true;
    }
}
```
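As an added example (not code from the original post), here is a version of the same controller that skips the form-key check only for the payment gateway's signed POST callback rather than for every request; the X-Gateway-Signature header and the shared secret are assumptions, and a real module would load the secret from configuration:

```php
<?php
namespace Vendor\Extension\Controller\Checkout;

use Magento\Framework\App\Action\Action;
use Magento\Framework\App\Action\Context;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\Request\Http as HttpRequest;
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\Controller\ResultFactory;
use Magento\Framework\Phrase;

class Response extends Action implements CsrfAwareActionInterface
{
    // Assumed header and secret; a real module would read them from configuration.
    private const SIGNATURE_HEADER = 'X-Gateway-Signature';        // hypothetical
    private const SHARED_SECRET = 'REPLACE-WITH-CONFIGURED-SECRET'; // placeholder

    public function __construct(Context $context)
    {
        parent::__construct($context);
    }

    public function execute()
    {
        // Callback already verified by validateForCsrf(); send the customer home.
        return $this->resultFactory->create(ResultFactory::TYPE_REDIRECT)->setPath('/');
    }

    // Skip the form-key check only for a POST whose body carries a valid HMAC.
    // Returning null for anything else keeps Magento's default form-key validation.
    public function validateForCsrf(RequestInterface $request): ?bool
    {
        if (!$request instanceof HttpRequest || !$request->isPost()) {
            return null;
        }
        $provided = (string) $request->getHeader(self::SIGNATURE_HEADER);
        $expected = hash_hmac('sha256', (string) $request->getContent(), self::SHARED_SECRET);
        // Constant-time comparison so the check does not leak timing information.
        return $provided !== '' && hash_equals($expected, $provided);
    }

    // Used by the framework when validateForCsrf() returns false: redirect to the
    // cart with a message instead of the bare "Invalid Form Key" page.
    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
    {
        $redirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT)->setPath('checkout/cart');
        return new InvalidRequestException($redirect, [new Phrase('Payment response could not be verified.')]);
    }
}
```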
Any doubts about the topic? Feel free to mention them in the Comments section below. I’d be happy to help you out asap.
Do share the solution with the Magento community via social media.
Thanks.
Sanjay Jethva
Sanjay is the co-founder and CTO of Meetanshi with hands-on expertise in Magento since 2011. He specializes in complex development, integrations, extensions, and customizations. Sanjay is one of the top 50 contributors to the Magento community and is recognized by Adobe.
His passion for Magento 2 and Shopify solutions has made him a trusted source for businesses seeking to optimize their online stores. He loves sharing technical solutions related to Magento 2 & Shopify.
2 Comments
Hello!
I have a problem I hope you can help me with. When the Magento 2 bypass CSRF validation code clears the customer session and checkout session, how do I keep them?
Hello anh,
It’s a cookie issue.
Try this:
https://github.com/Veriteworks/CookieFix
Thank You