I have a custom module with a defined route as:
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:App/etc/routes.xsd">
<router id="standard">
<route id="custom_module" frontName="custom-module">
<module name="Custom_Module" />
</route>
</router>
</config>
With previous versions of Magento both GET and POST requests would work fine to http://mywebsite.com/custom-module/controllername
After upgrading to Magento 2.3.0, GET requests still work as before, however POST requests now do not call the execute() method of the controller. Instead, they respond with a 200 OK and a response body that is the homepage html of the website.
Does this have to do with some Csrf security feature and form keys that was added in v2.3?
Best Answer
Please check more generous solution that does not change core functionality, you can use around plugin on Validate function of Magento\Framework\App\Request\CsrfValidator class
di.xml
CsrfValidatorSkip.php
Please star my Gist page at https://gist.github.com/ananth-iyer/59ecfabcbca73d6c2e3eeb986ed2f3c4 to encourage.