将CSRF令牌传递给Stripe [英] Passing csrf token to Stripe

问题描述

我正在使用stripe.js进行条纹支付。我需要设置一个回调wenhook来接收来自stripe的请求。

I am using stripe.js for stripe payments. I need to setup a callback wenhook to receive the request from stripe.

由于webhook是由stripe发布到的-我已将其标记为 csrf_excempt 。

Since the webhook is posted to by stripe - I have marked it as csrf_excempt.

1. 使此视图 csrf_excempt 有任何风险吗？


2. 如果我应该对此视图进行csrf保护，该如何从stripe传递和获取csrf令牌？

1. Is there any risk with making this view csrf_excempt?
2. If I should have csrf protection on this view, how can I pass and get back the csrf tokens from stripe?

推荐答案

那是行不通的。绝对禁用从Stripe进行回调的csrf。

That's not going to work. Definitely disable csrf for the callback from Stripe.

即使您是这样。

• 通过 csrf_token 进行条纹


• 找到了一种使条纹将同一令牌发布回您的回调URL的方法

• passed the csrf_token to stripe
• found a way to get stripe to post that same token back to your callback URL

此时令牌是不相关的，因为令牌仅用于您当前的浏览器会话（通常是cookie）。

The token would be irrelevant at that point as the token is for your current browser session only (typically a cookie).

每次请求都会生成CSRF令牌，并将其发送到浏览器以存储在cookie中。 Stripe将没有此Cookie，因此您将收到相同的CSRF错误。

The CSRF token is generated upon every request and sent to the browser to be stored in a cookie. Stripe will not have this cookie and thus you'll get a CSRF Error just the same.

这篇关于将CSRF令牌传递给Stripe的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！