Disable CSRF on the /incidents/create route

Author: williamdes

src/Application.php

@@ -18,6 +18,7 @@
 
 namespace App;
 
+use App\Middleware\CsrfProtectionMiddleware;
 use App\Middleware\HostHeaderMiddleware;
 use Cake\Core\Configure;
 use Cake\Core\ContainerInterface;
@@ -26,7 +27,6 @@
 use Cake\Event\EventManagerInterface;
 use Cake\Http\BaseApplication;
 use Cake\Http\Middleware\BodyParserMiddleware;
-use Cake\Http\Middleware\CsrfProtectionMiddleware;
 use Cake\Http\MiddlewareQueue;
 use Cake\ORM\Locator\TableLocator;
 use Cake\Routing\Middleware\AssetMiddleware;

src/Middleware/CsrfProtectionMiddleware.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Middleware;
+
+use Cake\Http\Middleware\CsrfProtectionMiddleware as CakeCsrfProtectionMiddleware;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+
+/**
+ * @see https://stackoverflow.com/a/79890247/5155484
+ */
+class CsrfProtectionMiddleware extends CakeCsrfProtectionMiddleware
+{
+    /**
+     * Process the request and validate the Host header.
+     *
+     * @param ServerRequestInterface  $request The request.
+     * @param RequestHandlerInterface $handler The request handler.
+     * @return ResponseInterface A response.
+     */
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $requestRoute = $request->getUri()->getPath();
+        if ($requestRoute === '/incidents/create') {
+            return $handler->handle($request);
+        }
+
+        return parent::process(
+            request: $request,
+            handler: $handler
+        );
+    }
+}