@ananth-iyer
Last active October 30, 2023 10:33
Magento 2.3.0: Implement the code below to skip the CSRF check on a custom route that is called from outside the Magento environment. This implementation does not break core frontend/adminhtml routes or Magento 2.3/2.2/2.1 web stores.
<?php
namespace Vendor\Module\Plugin;

class CsrfValidatorSkip
{
    /**
     * Around plugin for the core CSRF validator: returns early (no validation)
     * for the custom route and hands every other request to the core validator.
     *
     * @param \Magento\Framework\App\Request\CsrfValidator $subject
     * @param \Closure $proceed
     * @param \Magento\Framework\App\RequestInterface $request
     * @param \Magento\Framework\App\ActionInterface $action
     * @return void
     */
    public function aroundValidate(
        $subject,
        \Closure $proceed,
        $request,
        $action
    ) {
        /* Magento 2.1.x, 2.2.x: match on the module front name */
        if ($request->getModuleName() === 'Your_Module_frontName_Here') {
            return; // Skip CSRF check
        }
        /* Magento 2.3.x: match on the request path (substring match anywhere in the path) */
        if (strpos($request->getOriginalPathInfo(), 'Add_Controller_frontName') !== false) {
            return; // Skip CSRF check
        }
        $proceed($request, $action); // Proceed Magento 2 core functionalities
    }
}

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\Framework\App\Request\CsrfValidator">
        <plugin name="csrf_validator_skip" type="Vendor\Module\Plugin\CsrfValidatorSkip" />
    </type>
</config>
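
The 2.3.x branch of the plugin uses `strpos()`, so the CSRF check is skipped for any request whose path contains the string anywhere, not only for requests to the custom route. The following added example (not part of the gist; the front name `mywebhook` and both function names are hypothetical) compares that test with one anchored to the first path segment, using constructed paths.

```php
<?php
declare(strict_types=1);

// Hypothetical front name, standing in for the gist's 'Add_Controller_frontName'.
const EXEMPT_FRONT_NAME = 'mywebhook';

/** The gist's 2.3.x test: true if the front name appears anywhere in the path. */
function substringMatch(string $pathInfo, string $frontName = EXEMPT_FRONT_NAME): bool
{
    return strpos($pathInfo, $frontName) !== false;
}

/** Anchored test: true only if the first path segment equals the front name. */
function firstSegmentMatch(string $pathInfo, string $frontName = EXEMPT_FRONT_NAME): bool
{
    $path = explode('?', $pathInfo, 2)[0];      // ignore any query string
    $segments = explode('/', trim($path, '/')); // an empty path yields ['']
    return $segments[0] === $frontName;
}

// Constructed sample paths (not taken from any real store).
$samples = [
    '/mywebhook/callback/index',              // the intended custom route
    '/mywebhook',                             // front name only
    '/mywebhooks/callback/index',             // different front name, shared prefix
    '/other/controller/action/ref/mywebhook', // another route, name as a path parameter
    '/',                                      // home page
];

foreach ($samples as $path) {
    printf(
        "%-42s substring=%-5s anchored=%s\n",
        $path,
        var_export(substringMatch($path), true),
        var_export(firstSegmentMatch($path), true)
    );
}

// In the plugin, the 2.3.x branch would then read (assumption: same request API as the gist):
//   if (firstSegmentMatch((string) $request->getOriginalPathInfo())) { return; }
```

On Magento 2.3 and later, a controller can instead implement `Magento\Framework\App\CsrfAwareActionInterface`, which limits the exemption to that one action without a plugin on the validator.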
ananth-iyer commented Jun 18, 2020

Hey @enx1998,
You can check both updated files for Magento 2.3.x and this fix for the null problem of $request->getModuleName().

enx1998 commented Jun 18, 2020

Hi @ananth-iyer,
Thanks for your code. I found the solution strpos($request->getOriginalPathInfo(), 'Add_Controller_frontName') !== false works great with Magento 2.3.
Thanks, ENX

ghost commented Jul 3, 2020

Hi sir, it was working fine for me too on Magento 2.3, but after restarting my project I'm getting
Exception #0 (InvalidArgumentException): Plugin class Module\Vendor\Plugin\CsrfValidatorSkip doesn't exist
because I didn't include this CsrfValidatorSkip.php.
So where do I have to create this file: in my plugin folder or the project vendor folder?
Please reply.

@ananth-iyer

@pankaj-swarankar Create the CsrfValidatorSkip.php file in the Plugin folder.

@a-mahmoudieh

Excellent for Magento 2.3.5-p2.

@sergioevl

Works on Magento 2.4. Thanks.

kess78 commented Jul 16, 2021

Sorry to bother, but unfortunately I'm not able to implement your solution (and in effect it's exactly what I need, so thank you in advance!)

  • Created Directory app/code/MyVendorName
  • Created Directory app/code/MyVendorName/MyModuleName
  • Created Directory app/code/MyVendorName/MyModuleName/etc
  • Created file app/code/MyVendorName/MyModuleName/etc/di.xml and copied the contents you provided here (adapted <plugin name="csrf_validator_skip" type="MyVendorName\MyModuleName\Plugin\CsrfValidatorSkip" />)
  • Created Directory app/code/MyVendorName/MyModuleName/Plugin
  • Created file app/code/MyVendorName/MyModuleName/Plugin/CsrfValidatorSkip.php and copied the contents you provided here (adapted namespace MyVendorName\MyModuleName\Plugin and also changed Add_Controller_frontName)

Then I've run:
bin/magento setup:upgrade && bin/magento setup:di:compile

How can I determine if the plugin works or not? Or better, how can I know if the plugin is loaded or not? I still receive a 302 response when I try to POST data to https://mysite.com/Add_Controller_frontName.

Magento version is 2.3.6-p1

Thank you for your contribution and for your help

@adarsh-ceymox

Perfect solution! thanks mate

@ananth-iyer

Hi All, here is another gist to easily enable/disable Xdebug on local - https://gist.github.com/ananth-iyer/cc45380c5f722aedd35a3e9a40ed8c35
