- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I sent a “POST” request via external server for version magento-2.3
My internal Magento URL cannot verify and response is
"Invalid Form Key. Please refresh the page."
as a summary, i want to reach to magento-2.3 from outside and is there any valid way to do it
Additional information
I'm planning to build a payment module for my Magento store,
So my PSP working with this way;
When the customer clicks pay button of javascript embeded payment form, my PSP POSTing a value to my provided callbackUrl which is my controller inside of my module. (So I'm expecting a POST value to my controller.
It looks like this: https://mywebsite.com/mymodule/response).
When I'm trying to grab the value with this code piece
($postData = $this->getRequest()->getPostValue(); $postData['token']).
When I'm trying to do this, Magento is requesting a value named "form_key". In earlier version there was no usage like this. I'm suspecting there is a change in the Magento 2.3.0.
Can you help me ?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
it's a known M2.3 bug, I've spent a few hours myself trying to fix it.
you'll find a fix here:
https://magento.stackexchange.com/questions/253414/magento-2-3-upgrade-breaks-http-post-requests-to-... https://github.com/magento/magento2/issues/19712
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: External Request - Invalid Form Key Magento 2.3
Does this article help you include a generated formkey in your code -
https://magento.stackexchange.com/questions/137946/how-to-generate-formkey-in-magento-and-send-a-pos...
Problem solved? Click Accept as Solution!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
it's a known M2.3 bug, I've spent a few hours myself trying to fix it.
you'll find a fix here:
https://magento.stackexchange.com/questions/253414/magento-2-3-upgrade-breaks-http-post-requests-to-... https://github.com/magento/magento2/issues/19712
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: External Request - Invalid Form Key Magento 2.3
Worked ! thanks!! @kgerasimov : )
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: External Request - Invalid Form Key Magento 2.3
Hi, please let me know where to implement this CsrfAwareActionInterface method.
I am using Magento 2.3 with payfort as a paymnet gateway.
parameter form_key is appended to paymnet post method.
Please let me know where I can add these methods.
Thank u so much.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: External Request - Invalid Form Key Magento 2.3
using payfort as well did you manage?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: External Request - Invalid Form Key Magento 2.3
Hi @Yamout, yes it works.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: External Request - Invalid Form Key Magento 2.3
@kgerasimov Bypass CSRF Validation solve the original issue but another issue we are facing is, if we add code to bypass CSRF validation then it clears customer session and customer logged out automatically when we come back from the hosted payment page.
Did you face any similar issue?