CSRF Token not work with POST from another site



I have issue when use CSRF Token and get redirect post from another site (Paypal IPN).
The IPN notify not work, after i checked this becuase not csrf token not match, and got error 400.

here my example code, for receive POST feedback from Paypal IPN.

// $_POST >> post data from paypal ipn


My current solution is disable the CSRF token for all page. Is there another way to make it work when enable csrf token ?

I use slimphp 2.

thank you


I haven’t written any Paypal integrations, but I would not expect the request from Paypal to the callback page to include a CSRF token. Disabling CSRF for this specific page seems the logical solution to me.


thanks @llvdl for your reply :slight_smile:

for now, i do not have another solutions.


You will need to disable the CSRF on that route


yes, i made a Middleware to disable this route.


Can you post that Middleware?
I have same issue …


@AndreiGOiN, you can use route groups and create a route group with the CRSF token middleware and one without. That way you can add routes that should not check CSRF tokens to the route group without the CSRF middleware.


Thank you, @llvdl! I chose to modify guard.php because I have only one route without csrf. If I’ll need more, surely I use your advice. Thanks.