Disable CSRF #5934

larsjanssen6 · 2022-04-28T09:03:00Z

larsjanssen6
Apr 28, 2022

Hi,

Is it possible to completely disable CSRF in statamic. I already disabled it in kernel.php but that does not work.

I know it's a security issue if you disable this, but for a local system I need to do this.

Can this be done?

Lars

duncanmcclean · 2022-04-28T09:22:34Z

duncanmcclean
Apr 28, 2022
Maintainer

You can add a wildcard (/*) to the array in your app/Http/Middleware/VerifyCsrfToken.phg file.

However, like you say, it's highly recommended that you do use CSRF.

1 reply

larsjanssen6 Apr 28, 2022
Author

Thanks!

edalzell · 2022-04-29T01:54:06Z

edalzell
Apr 29, 2022
Maintainer

Don't do this. Why do you need to do it locally?

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Disable CSRF #5934

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Disable CSRF #5934

Uh oh!

larsjanssen6 Apr 28, 2022

Replies: 2 comments · 1 reply

Uh oh!

duncanmcclean Apr 28, 2022 Maintainer

Uh oh!

larsjanssen6 Apr 28, 2022 Author

Uh oh!

edalzell Apr 29, 2022 Maintainer

larsjanssen6
Apr 28, 2022

Replies: 2 comments 1 reply

duncanmcclean
Apr 28, 2022
Maintainer

larsjanssen6 Apr 28, 2022
Author

edalzell
Apr 29, 2022
Maintainer