CSRF Token not work with POST from another site


I have issue when use CSRF Token and get redirect post from another site (Paypal IPN).
The IPN notify not work, after i checked this becuase not csrf token not match, and got error 400.

here my example code, for receive POST feedback from Paypal IPN.

// $_POST >> post data from paypal ipn


My current solution is disable the CSRF token for all page. Is there another way to make it work when enable csrf token ?

I use slimphp 2.

thank you

I haven’t written any Paypal integrations, but I would not expect the request from Paypal to the callback page to include a CSRF token. Disabling CSRF for this specific page seems the logical solution to me.

thanks @llvdl for your reply :slight_smile:

for now, i do not have another solutions.

You will need to disable the CSRF on that route

yes, i made a Middleware to disable this route.

1 Like

Can you post that Middleware?
I have same issue …

@AndreiGOiN, you can use route groups and create a route group with the CRSF token middleware and one without. That way you can add routes that should not check CSRF tokens to the route group without the CSRF middleware.

1 Like

Thank you, @llvdl! I chose to modify guard.php because I have only one route without csrf. If I’ll need more, surely I use your advice. Thanks.