By Default, if you want to request thru post method, you need to need to decide this on Header Request :
<pre><code class="lang-php">X-Requested-With: XMLHttpRequest
</code></pre>
<hr />
Problem here is, what if we won’t include that header?
<h3 id="heading-1-use-the-classes">1. Use the classes</h3>
Use this classes by putting on top of class
<pre><code class="lang-php">use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\Request\InvalidRequestException;
</code></pre>
<h3 id="heading-2-implements-csrfawareactioninterface-interface">2. Implements <code>CsrfAwareActionInterface</code> Interface</h3>
Impletements this interface to the controller :
<pre><code class="lang-php">...
class Paymentflag extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface
{
...
</code></pre>
<h3 id="heading-3-add-methods">3. Add Methods</h3>
Edit your Controller by adding this methods to allow that request :
<pre><code class="lang-php">public function createCsrfValidationException(RequestInterface $request): ? InvalidRequestException
{
 return null;
}

public function validateForCsrf(RequestInterface $request): ?bool
{
 return true;
}
</code></pre>
<h3 id="heading-4-finish">4. Finish</h3>
Go get the request without header.

By Default, if you want to request thru post method, you need to need to decide this on Header Request :

```php
X-Requested-With: XMLHttpRequest
```

---

Problem here is, what if we won’t include that header?

### 1\. Use the classes

Use this classes by putting on top of class

```php
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\App\Request\InvalidRequestException;
```

### 2\. Implements `CsrfAwareActionInterface` Interface

Impletements this interface to the controller :

```php
...
class Paymentflag extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface
{
...
```

### 3\. Add Methods

Edit your Controller by adding this methods to allow that request :

```php
public function createCsrfValidationException(RequestInterface $request): ? InvalidRequestException
{
    return null;
}
    
public function validateForCsrf(RequestInterface $request): ?bool
{
    return true;
}
```

### 4\. Finish

Go get the request without header.

Fiko Borizqy

Fiko Borizqy

Magento 2 - How to enable POST request on Controller without X-Requested-With: XMLHttpRequest

Table of contents

1. Use the classes

2. Implements `CsrfAwareActionInterface` Interface

3. Add Methods

4. Finish