Trongate's validation class has automatic CSRF protection. That is a good thing - but it can create problems if you are building an API that accepts requests from other websites.

Wouldn't it be nice if you could switch off CSRF protection in those instances? Doing so would mean you could continue using the Trongate validation class as normal - but without the CSRF protection getting in the way and ruining the party.

Well, now you can. All you have to do is define a constant named `API_SKIP_CSRF` and give it a boolean value of `true` in instances where you do not want to use CSRF protection. For example:



As a reminder, setting constants in the manner shown above makes those constants available globally. So, simply add this line in situations where you do not want CSRF protection:



When you do that, the validation class will know you do not want to use CSRF protection - and it will all just work.

This has just been uploaded to GitHub, so you will need to grab the latest `Validation.php` file from GitHub if you want this feature. It will, of course, be added to Trongate v2 shortly.

Trongate is a 'stability first' framework. Therefore, there are no breaking changes.