From 7aafa648d9e987977930eea5ab50e9f95ab7bcb4 Mon Sep 17 00:00:00 2001
From: Bart Vandeputte
Date: Wed, 16 Nov 2022 11:00:11 +0100
Subject: [PATCH 1/2] Allow bypass CSRF validation

---
 src/Form.php | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/src/Form.php b/src/Form.php
index 85f48bd..a590a1f 100644
--- a/src/Form.php
+++ b/src/Form.php
@@ -21,6 +21,13 @@ class Form extends BaseForm
      * @var boolean
      */
     protected $shouldValidate;
+
+    /**
+     * Indicates whether the validation should validate CSRF token
+     *
+     * @var boolean
+     */
+    protected $shouldValidateCSRF;
 
     /**
      * Indicates whether any guards should still be executed
@@ -72,6 +79,7 @@ function __construct($rules = [], $sessionKey = null)
     {
         parent::__construct($rules, $sessionKey);
         $this->shouldValidate = true;
+        $this->shouldValidateCSRF = true;
         $this->shouldCallGuard = true;
         $this->shouldRedirect = true;
         $this->shouldFlash = true;
@@ -114,6 +122,19 @@ public function withoutFlashing()
 
         return $this;
     }
+
+    /**
+     * Don't validate CSRF.
+     * ⚠️ Not recommended — know what you're doing
+     *
+     * @return Form
+     */
+    public function withoutCSRF()
+    {
+        $this->shouldValidateCSRF = false;
+
+        return $this;
+    }
 
     /**
      * Check if the form was executed successfully.
@@ -134,7 +155,7 @@ public function validate()
     {
         $this->shouldValidate = false;
 
-        if (parent::validates()) {
+        if (parent::validates($this->shouldValidateCSRF)) {
             $this->success = true;
         } else {
             $this->fail();

From a9e215e0d593043e248aa8549c54101ab31881bc Mon Sep 17 00:00:00 2001
From: Bart Vandeputte
Date: Wed, 16 Nov 2022 11:09:32 +0100
Subject: [PATCH 2/2] Update docs

---
 docs/methods.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/docs/methods.md b/docs/methods.md
index 3008eed..5649e32 100644
--- a/docs/methods.md
+++ b/docs/methods.md
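Review bot: The docblock on `withoutCSRF()` warns against the method but never says what the caller gives up, so the warning is easy to wave through at a call site; the consequence should be spelled out. I would replace `⚠️ Not recommended — know what you're doing` with `Once disabled, this form accepts a POST from any origin, so every state change it performs can be forged against a signed-in visitor unless the request is authenticated by a credential the browser does not send automatically (for example an explicit API token).` Since the method has no inverse, the docblock should also state that the flag stays off for the lifetime of the instance. The enclosing class continues outside the hunk.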
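Review bot: `parent::validates($this->shouldValidateCSRF)` passes a positional boolean whose meaning on the parent side is not visible in this patch; the flag defaults to `true` and is named "should validate", so the call is only correct if the first parameter of `BaseForm::validates()` means "run the CSRF check" rather than "skip it" — if the meanings are inverted, every default form would silently stop checking tokens. If the parent declares no such parameter at all, PHP discards the extra argument without error and `withoutCSRF()` becomes a no-op, which would equally go unnoticed. A test that asserts a token-less POST fails on a default `Form` and passes only after `withoutCSRF()` would pin both directions, and a comment at the call such as `// true = run the CSRF token check in BaseForm::validates()` would document the contract once it is confirmed. The body of `validate()` continues outside the hunk.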
@@ -192,3 +192,21 @@ if (kirby()->request()->is('POST')) {
     }
 }
 ```
+
+## withoutCSRF()
+
+Don't validate CSRF.
+
+Return: `Form`
+
+Allow the form to be processed without validating CSRF:
+
+```php
+use Uniform\Form;
+
+$form = new Form;
+if (kirby()->request()->is('POST')) {
+    $form->withoutCSRF()
+        ->emailAction([/* action options */]);
+}
+```