Hi guys,
Recently i tried to integrate frappe with our payment gateway and achieve at checkout process. But the problem is that, how to handle the return url from the payment gateway that is using http post protocol? do you have any advice to this issue? or any work around?
Thank you
What i see in frappe is that, all http request will be validated in frappe.local.http_request = frappe.auth.HTTPRequest(), inside this method there is self.validate_csrf_token() that will force all requests to validate its csrf token except for mobile and ignore_csrf (globally).
There is no way to exclude http request selectively for certain cases. I would imagine if we can do like decorator @frappe.ignore_csrf()
after disabling csrf globally, then my return_url from payment gateway is now working.
for the time being, the solution is to add "ignore_csrf":true inside site_config.json
Should we do bench migrate after adding this to the config json?
This didn’t work for me tho, I put “ignore_csrf”:true in the site config bench-frappe/sites/site_config.json
and then tried “ignore_csrf”:1 and rebooted and all , and it is still refusing post requests in my external app if I don’t pass the csrf as header
Note: I am using a develop env.
Hi @SamSam, site_config is in your site folder created by this command,
bench new-site <site_name>. I don’t think it will be on the sites folder. if we check the frappe code based, it looks for frappe.conf.ignore_csrf. so I don’t think there’s a problem with that setup.
My bad I meant /home/frappe/frappe-bench/sites/site1.local/site_config.json , I put “ignore_csrf”:true and it’s not working, even after rebooting bench.