Django
Volton, 2018-09-03 23:35:02

How do I receive a POST request from LiqPay? It says Forbidden (CSRF cookie not set.)

Has anyone come across such a response when calling with LiqPay?
I process through:
urls.py

urlpatterns = [
    ...
    url(r'^liqpay-callback/$', LiqpayCallbackView.as_view(), name='liqpay_callback'),
]

views.py
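from django.conf import settings
from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt
# LiqPay is the client class from the LiqPay Python SDK (its import is not shown in the question).


@method_decorator(csrf_exempt, name='dispatch')
class LiqpayCallbackView(View):
    def post(self, request, *args, **kwargs):
        liqpay = LiqPay(settings.LIQPAY_PUBLIC_KEY, settings.LIQPAY_PRIVATE_KEY)
        # LiqPay posts two form fields: the encoded payload and its signature.
        data = request.POST.get('data')
        signature = request.POST.get('signature')
        sign = liqpay.str_to_sign(settings.LIQPAY_PRIVATE_KEY + data + settings.LIQPAY_PRIVATE_KEY)
        if sign == signature:
            print('callback is valid')
        response = liqpay.decode_data_from_str(data)
        print('callback data', response)
        return HttpResponse()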

Error:
Forbidden (CSRF cookie not set.): /payment/liqpay-callback/
[03/Sep/2018 22:55:00] "POST /payment/liqpay-callback/ HTTP/1.1" 403 12865

As far as I understand, the answer comes without a csrf_token (where would it come from). Well, if so, I put the @csrf_exempt decorator. But why does the decorator not work, and why does the error appear?
P.S. Setting CSRF_COOKIE_SECURE = True didn't help. django.middleware.csrf.CsrfViewMiddleware is installed.
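
With csrf_exempt on this endpoint, the signature is the only thing that authenticates the callback, and the view in the question decodes data whether or not the signature matched. The following is an added example (not part of the original post and not LiqPay's SDK code) that verifies before decoding; it assumes the signature is base64(SHA-1(private_key + data + private_key)) over a base64-encoded JSON payload, and the key, payload and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not real LiqPay credentials or traffic.
SAMPLE_PRIVATE_KEY = "sandbox_private_key_placeholder"
SAMPLE_PAYLOAD = {"order_id": "order-1001", "status": "success", "amount": 100}


def encode_payload(payload):
    """Encode a dict the way the `data` field is assumed to be: base64(JSON)."""
    return base64.b64encode(json.dumps(payload).encode("utf-8")).decode("ascii")


def liqpay_signature(private_key, data):
    """Assumed scheme: base64(SHA-1(private_key + data + private_key))."""
    raw = (private_key + data + private_key).encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def parse_verified_callback(private_key, data, signature):
    """Return the decoded payload only when the signature matches, else None."""
    if not data or not signature:
        return None  # missing POST fields: reject instead of raising TypeError
    expected = liqpay_signature(private_key, data)
    # Constant-time comparison; comparing bytes avoids TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8")):
        return None
    try:
        payload = json.loads(base64.b64decode(data, validate=True))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return payload if isinstance(payload, dict) else None


if __name__ == "__main__":
    data = encode_payload(SAMPLE_PAYLOAD)
    signature = liqpay_signature(SAMPLE_PRIVATE_KEY, data)
    forged = encode_payload(dict(SAMPLE_PAYLOAD, amount=1))
    print(parse_verified_callback(SAMPLE_PRIVATE_KEY, data, signature))
    print(parse_verified_callback(SAMPLE_PRIVATE_KEY, forged, signature))
```

In the Django view, return HttpResponseForbidden() when this returns None and act on the payload only otherwise.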

3 answer(s)
Sergey Tikhonov, 2018-09-04
@tumbler

Everything seems to be according to the instructions: once or twice.
But I would also try to play with the final function.

url(r'^liqpay-callback/$', csrf_exempt(LiqpayCallbackView.as_view()), name='liqpay_callback'),

Volton, 2018-09-04
@Volton

I don’t understand what’s what, but I found the solution in the following:
Moved the url and view to another app and it all worked.
For some reason, the csrf_exempt decorator did not work in the original app.
If anyone knows why this happened, please share.
It's a shame I wasted a day on this...

terentjew-alexey, 2019-08-07
@terentjew-alexey

Just like the author of the question, I encountered this problem when implementing webhooks for chat bots.
Redirecting to another Django app worked for me initially.
But when writing a universal application, this is not an option.
I studied the Django sources. Apparently, CsrfViewMiddleware somehow does not see the csrf_exempt field on the callback (view), which is added by the decorator of the same name.
../django/middleware/csrf.py:212 (django 2.2)
Accordingly, the way out is to add this field yourself to the resulting view function:

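from django.http import HttpResponse
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt

# Class based view
@method_decorator(csrf_exempt, name='dispatch')
class MyViewClass(View):
    @classmethod
    def as_view(cls, **initkwargs):
        view = super().as_view(**initkwargs)
        # Set the flag directly on the callable that the URL resolver hands to the middleware.
        view.csrf_exempt = True
        return view

# view function
@csrf_exempt
def my_view(request, **kwargs):
    return HttpResponse()

my_view.csrf_exempt = True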
