Hello,
I sent a “POST” request via external server for version magento-2.3
My internal Magento URL cannot verify and response is
"Invalid Form Key. Please refresh the page."
as a summary, i want to reach to magento-2.3 from outside and is there any valid way to do it
I'm planning to build a payment module for my Magento store,
So my PSP working with this way;
When the customer clicks pay button of javascript embeded payment form, my PSP POSTing a value to my provided callbackUrl which is my controller inside of my module. (So I'm expecting a POST value to my controller.
It looks like this: https://mywebsite.com/mymodule/response).
When I'm trying to grab the value with this code piece
($postData = $this->getRequest()->getPostValue(); $postData['token']).
When I'm trying to do this, Magento is requesting a value named "form_key". In earlier version there was no usage like this. I'm suspecting there is a change in the Magento 2.3.0.
Can you help me ?
Solved! Go to Solution.
Hi,
it's a known M2.3 bug, I've spent a few hours myself trying to fix it.
you'll find a fix here:
https://magento.stackexchange.com/questions/253414/magento-2-3-upgrade-breaks-http-post-requests-to-... https://github.com/magento/magento2/issues/19712
Hi,
it's a known M2.3 bug, I've spent a few hours myself trying to fix it.
you'll find a fix here:
https://magento.stackexchange.com/questions/253414/magento-2-3-upgrade-breaks-http-post-requests-to-... https://github.com/magento/magento2/issues/19712
Worked ! thanks!! @kgerasimov : )
Hi, please let me know where to implement this CsrfAwareActionInterface method.
I am using Magento 2.3 with payfort as a paymnet gateway.
parameter form_key is appended to paymnet post method.
Please let me know where I can add these methods.
Thank u so much.
using payfort as well did you manage?
Hi @Yamout, yes it works.
@kgerasimov Bypass CSRF Validation solve the original issue but another issue we are facing is, if we add code to bypass CSRF validation then it clears customer session and customer logged out automatically when we come back from the hosted payment page.
Did you face any similar issue?