Magento 2.3 – Fix HTTP POST Requests Break After Upgrade

magento2, magento2.3

I have a custom module with a defined route as:

<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:App/etc/routes.xsd">
    <router id="standard">
        <route id="custom_module" frontName="custom-module">
            <module name="Custom_Module" />
        </route>
    </router>
</config>

With previous versions of Magento, both GET and POST requests would work fine to http://mywebsite.com/custom-module/controllername.

After upgrading to Magento 2.3.0, GET requests still work as before; however, POST requests now do not call the execute() method of the controller. Instead, they respond with a 200 OK and a response body that is the homepage HTML of the website.

Does this have to do with some CSRF security feature and form keys that were added in v2.3?

Best Answer

Please check this more generous solution that does not change core functionality: you can use an around plugin on the validate function of the Magento\Framework\App\Request\CsrfValidator class.

This implementation does not break the core functionality of Magento 2.1/2.2/2.3 versions.

di.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\Framework\App\Request\CsrfValidator">
        <plugin name="csrf_validator_skip" type="Module\Vendor\Plugin\CsrfValidatorSkip" />
    </type>
</config>

CsrfValidatorSkip.php

<?php
namespace Module\Vendor\Plugin;
class CsrfValidatorSkip
{
    /**
     * @param \Magento\Framework\App\Request\CsrfValidator $subject
     * @param \Closure $proceed
     * @param \Magento\Framework\App\RequestInterface $request
     * @param \Magento\Framework\App\ActionInterface $action
     */
    public function aroundValidate(
        $subject,
        \Closure $proceed,
        $request,
        $action
    ) {
        if ($request->getModuleName() == 'Your_Module_frontName_Here') {
            return; // Skip CSRF check
        }
        $proceed($request, $action); // Proceed Magento 2 core functionalities
    }
}

Please star my Gist page at https://gist.github.com/ananth-iyer/59ecfabcbca73d6c2e3eeb986ed2f3c4 to encourage.
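
As an added example (not part of the answer above and not Magento's own code): Magento 2.3 also lets a single controller decide its own CSRF handling by implementing `Magento\Framework\App\CsrfAwareActionInterface`, which limits the exemption to one action instead of every route under a front name. It assumes the POSTs come from an external system that signs the raw request body with HMAC-SHA256 and sends the hex digest; the class name, the `X-Signature` header and the `custom_module/webhook/secret` config path are hypothetical.

```php
<?php
namespace Custom\Module\Controller\Controllername;

use Magento\Framework\App\Action\Action;
use Magento\Framework\App\Action\Context;
use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\Controller\ResultFactory;

// Hypothetical controller (added example) for the custom-module/controllername route.
class Index extends Action implements CsrfAwareActionInterface
{
    private $scopeConfig;
    public function __construct(Context $context, ScopeConfigInterface $scopeConfig)
    {
        parent::__construct($context);
        $this->scopeConfig = $scopeConfig;
    }

    // true = accept, false = reject, null = fall back to Magento's default check.
    public function validateForCsrf(RequestInterface $request): ?bool
    {
        if (!$request->isPost()) {
            return null; // GET keeps the default behaviour
        }
        // Assumed config path and header name; neither comes from the page.
        $secret = (string) $this->scopeConfig->getValue('custom_module/webhook/secret');
        $sent = (string) $request->getHeader('X-Signature');
        if ($secret === '' || $sent === '') {
            return false; // fail closed when the secret or the signature is missing
        }
        $expected = hash_hmac('sha256', (string) $request->getContent(), $secret);
        return hash_equals($expected, $sent); // constant-time comparison of hex digests
    }

    public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
    {
        $result = $this->resultFactory->create(ResultFactory::TYPE_RAW);
        $result->setHttpResponseCode(403)->setContents('Invalid signature');
        return new InvalidRequestException($result, [__('Invalid signature')]);
    }

    public function execute()
    {
        return $this->resultFactory->create(ResultFactory::TYPE_RAW)->setContents('OK');
    }
}
```

When the POST comes from a browser form rendered by the store, returning `null` for every request and including the `form_key` field in the form satisfies the default validation without any exemption.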
