CSRF token does not work with POST from another site


#1

Hello,

I have an issue when using a CSRF token and receiving a redirected POST from another site (PayPal IPN).
The IPN notification does not work. After I checked, this is because the CSRF token does not match, and I got error 400.

Here is my example code for receiving the POST feedback from PayPal IPN.

$app->post('/callback', function () {
    // $_POST >> post data from PayPal IPN
});

My current solution is to disable the CSRF token for all pages. Is there another way to make it work with the CSRF token enabled?

I use slimphp 2.

thank you


#2

I haven’t written any Paypal integrations, but I would not expect the request from Paypal to the callback page to include a CSRF token. Disabling CSRF for this specific page seems the logical solution to me.


#3

Thanks @llvdl for your reply.

For now, I do not have another solution.


#4

You will need to disable the CSRF on that route.


#5

Yes, I made a middleware to disable this route.


#6

Can you post that Middleware?
I have the same issue …


#7

@AndreiGOiN, you can use route groups and create a route group with the CSRF token middleware and one without. That way you can add routes that should not check CSRF tokens to the route group without the CSRF middleware.
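
The route-group layout described above, sketched for Slim 2 as an added example that is not part of the original post and not code from any participant. The `$csrfCheck` closure, the `csrf_token` field name and the `/account` routes are hypothetical; it assumes PHP 7+ and that the CSRF check is attached as route middleware rather than with `$app->add()`, which would apply it to every route including the callback.

```php
<?php
// Added example: hypothetical Slim 2 application, names are illustrative.
require 'vendor/autoload.php';

session_start();
$app = new \Slim\Slim();

// Hypothetical route middleware: issues a per-session token and rejects
// state-changing requests whose submitted token does not match it.
$csrfCheck = function () use ($app) {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    if (in_array($app->request->getMethod(), array('GET', 'HEAD', 'OPTIONS'))) {
        return; // safe methods carry no token
    }
    $sent = (string) $app->request->post('csrf_token');
    if (!hash_equals($_SESSION['csrf_token'], $sent)) {
        $app->halt(400, 'CSRF token mismatch');
    }
};

// Browser-facing routes: every route in this group runs $csrfCheck first.
$app->group('/account', $csrfCheck, function () use ($app) {
    $app->get('/email', function () {
        $token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES);
        echo '<form method="post"><input type="hidden" name="csrf_token" value="'
            . $token . '"><input name="email"><button>Save</button></form>';
    });
    $app->post('/email', function () use ($app) {
        echo 'email updated';
    });
});

// Server-to-server callback, registered outside the group, so no CSRF
// check runs for it. The caller has no browser session and no token.
$app->post('/callback', function () use ($app) {
    $ipn = $app->request->post(); // post data from the PayPal IPN
    // Authenticate the notification itself before acting on $ipn;
    // the CSRF exemption only removes the browser-session check.
    $app->response->setStatus(200);
});

$app->run();
```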


#8

Thank you, @llvdl! I chose to modify guard.php because I have only one route without CSRF. If I need more, I will surely use your advice. Thanks.