ok, it was the csrf filter causing a redirect so the CCAvenue gateway was unable to find the response page.
I disabled it and now everything works as expected.
but now the security is weak of course, so the question now is,
is there a way to just bypass csrf for the payment gateway response?
if not is there a way to send csrf value and key to the payment gateway and then receive the same and it will validate the post request?
I tried changing the csrf token name to one extra parameter which the payment gateway accepts and then I got the key and the value in the response but even then it didn't work, page was redirected and again response page was not found by the gateway response.
any help, how can we achieve this? without removing csrf filter?