Fiko Borizqy
Fiko Borizqy

Fiko Borizqy

Magento 2 - How to enable POST request on Controller without X-Requested-With: XMLHttpRequest

Fiko Borizqy
·Aug 27, 2019·

1 min read

Subscribe to my newsletter and never miss my upcoming articles

Table of contents

  • 1. Use the classes
  • 2. Implements CsrfAwareActionInterface Interface
  • 3. Add Methods
  • 4. Finish

By Default, if you want to request thru post method, you need to need to decide this on Header Request :

X-Requested-With: XMLHttpRequest

Problem here is, what if we won’t include that header?

1. Use the classes

Use this classes by putting on top of class

use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\Request\InvalidRequestException;

2. Implements CsrfAwareActionInterface Interface

Impletements this interface to the controller :

class Paymentflag extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface

3. Add Methods

Edit your Controller by adding this methods to allow that request :

public function createCsrfValidationException(RequestInterface $request): ? InvalidRequestException
    return null;

public function validateForCsrf(RequestInterface $request): ?bool
    return true;

4. Finish

Go get the request without header.

Share this