+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: CSRF with external forms (/showthread.php?tid=88623)
CSRF with external forms - 68thorby68 - 10-07-2023
Hi,
I have implemented CSRF on my site and all is working as expected hwn making AJAX posts to my controller(s).
However, it appears that external communication with Stripe fails (it was working before implementing CSRF).
Would I need to include the Stripe URL's (or something else) in the Excpet array in Filters?
Many thanks.
RE: CSRF with external forms - sammyskills - 10-07-2023
You will need to exclude the URL(s) that stripe sends (a) POST request(s) to in your application.
RE: CSRF with external forms - donpwinston - 10-08-2023
(10-07-2023, 03:40 AM)68thorby68 Wrote: Hi,
I have implemented CSRF on my site and all is working as expected hwn making AJAX posts to my controller(s).
However, it appears that external communication with Stripe fails (it was working before implementing CSRF).
Would I need to include the Stripe URL's (or something else) in the Excpet array in Filters?
Many thanks.
In Config/Filters.php yo need to do something like this:
PHP Code:
'csrf' => ['except' => ['receive-pdf', 'receive_pdf']],
You have to essentially not use csrf for this url/post or implement it yourself somehow in your app and the app making the request.