adjust styling and remove CSRF for index action

Author: LordSimal

resources/css/style.css

@@ -121,11 +121,11 @@ body.is-htmx-loading .main-loading-overlay,
 
 @layer components {
     .featured-packages-slider-shell {
-        @apply overflow-hidden pb-4;
+        @apply pb-4;
     }
 
     .featured-packages-slider {
-        @apply overflow-hidden;
+        @apply overflow-visible!;
     }
 
     .featured-packages-slider .swiper-slide {

src/Application.php

@@ -24,6 +24,7 @@
 use Cake\Http\Middleware\BodyParserMiddleware;
 use Cake\Http\Middleware\CsrfProtectionMiddleware;
 use Cake\Http\MiddlewareQueue;
+use Cake\Http\ServerRequest;
 use Cake\ORM\Locator\TableLocator;
 use Cake\Routing\Middleware\AssetMiddleware;
 use Cake\Routing\Middleware\RoutingMiddleware;
@@ -64,6 +65,18 @@ public function bootstrap(): void
      */
     public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
     {
+        $csrf = new CsrfProtectionMiddleware([
+            'httponly' => true,
+        ]);
+        $csrf->skipCheckCallback(function (ServerRequest $request) {
+            if (
+                $request->getParam('controller') === 'Packages' &&
+                $request->getParam('action') === 'index'
+            ) {
+                return true;
+            }
+        });
+
         $middlewareQueue
             // Catch any exceptions in the lower layers,
             // and make an error page/response
@@ -87,9 +100,7 @@ public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
 
             // Cross Site Request Forgery (CSRF) Protection Middleware
             // https://book.cakephp.org/5/en/security/csrf.html#cross-site-request-forgery-csrf-middleware
-            ->add(new CsrfProtectionMiddleware([
-                'httponly' => true,
-            ]));
+            ->add($csrf);
 
         return $middlewareQueue;
     }