Recently i tried to integrate frappe with our payment gateway and achieve at checkout process. But the problem is that, how to handle the return url from the payment gateway that is using http post protocol? do you have any advice to this issue? or any work around?
What i see in frappe is that, all http request will be validated in frappe.local.http_request = frappe.auth.HTTPRequest(), inside this method there is self.validate_csrf_token() that will force all requests to validate its csrf token except for mobile and ignore_csrf (globally).
There is no way to exclude http request selectively for certain cases. I would imagine if we can do like decorator @frappe.ignore_csrf()
after disabling csrf globally, then my return_url from payment gateway is now working.
for the time being, the solution is to add "ignore_csrf":true inside site_config.json
Hi @SamSam, site_config is in your site folder created by this command,
bench new-site <site_name>. I don’t think it will be on the sites folder. if we check the frappe code based, it looks for frappe.conf.ignore_csrf. so I don’t think there’s a problem with that setup.
My bad I meant /home/frappe/frappe-bench/sites/site1.local/site_config.json , I put “ignore_csrf”:true and it’s not working, even after rebooting bench.