I have issue when use CSRF Token and get redirect post from another site (Paypal IPN).
The IPN notify not work, after i checked this becuase not csrf token not match, and got error 400.
here my example code, for receive POST feedback from Paypal IPN.
$app->post(‘/callback’,function(){
// $_POST >> post data from paypal ipn
});
My current solution is disable the CSRF token for all page. Is there another way to make it work when enable csrf token ?
I haven’t written any Paypal integrations, but I would not expect the request from Paypal to the callback page to include a CSRF token. Disabling CSRF for this specific page seems the logical solution to me.
@AndreiGOiN, you can use route groups and create a route group with the CRSF token middleware and one without. That way you can add routes that should not check CSRF tokens to the route group without the CSRF middleware.