Calling whitelisted API via JS?

I’d like to build a custom whitelisted API method that I can call via some html/javascript snippets that I put on the public website (for logged-out and logged-in users).

However, these would be POST calls and the CSRF checks prohibit calling them via javascript.

Is there any way around this?

In the Frappe Framework, you can mark methods as safe for public access by using the

@frappe.whitelist(allow_guest=True)

decorator. This allows the method to be called by both logged-in and logged-out users, bypassing the CSRF protection for that specific method.