Yii2 how to accept third party action requests?
Actually, the payment system, when making a payment, makes a redirect with a POST request to a specific page (action). Everything goes outside the domain, and I get Bad Request (#400) "Unable to validate data" on my site.
Googled this solution:
// At the top of the controller file: use yii\filters\VerbFilter;
/**
 * @inheritdoc
 */
public function behaviors()
{
    return [
        'verbs' => [
            'class' => VerbFilter::className(),
            'actions' => [
                'checkout' => ['POST'],
            ],
        ],
        'corsFilter' => [
            'class' => \yii\filters\Cors::className(),
            'cors' => [
                // Restrict access to these origins
                'Origin' => ['http://somedomain.ru', 'https://anotherdomain.com'],
                // Allow only the POST method
                'Access-Control-Request-Method' => ['POST'],
                // Allow only the 'X-Wsse' header
                'Access-Control-Request-Headers' => ['X-Wsse'],
                // Allow credentials (cookies, authorization headers) on cross-origin requests
                'Access-Control-Allow-Credentials' => true,
                // Allow OPTIONS caching
                'Access-Control-Max-Age' => 3600,
                // Allow the X-Pagination-Current-Page header to be exposed to the browser.
                'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
            ],
        ],
    ];
}
A temporary (or maybe permanent) solution was to disable CSRF token verification.
Since you are transmitting data using POST, you must have a CSRF token in the request data. You can solve this problem using one of the following options:
1. Disable CSRF token verification. It is difficult to say how safe this is, because it all depends on the organization of your system.
2. Use a GET instead of a POST request. If your action does not change the status of something, this option can be used.
3. Organize the issuance of a CSRF token to clients who will access the action.
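An added example for option 1 (not code from this thread): CSRF validation is switched off for the `checkout` action only, and the callback is authenticated by a signature check instead. The `PaymentController` name, the `signature` field, the `paymentSecret` config key and the HMAC-SHA256 scheme are assumptions; use the scheme your payment provider documents.

```php
<?php
namespace app\controllers;

use Yii;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;

class PaymentController extends Controller // hypothetical controller name
{
    public function beforeAction($action)
    {
        // Turn CSRF validation off for the external callback only; every other
        // action in this controller keeps the default check. This must happen
        // before parent::beforeAction(), which is where Yii validates the token.
        if ($action->id === 'checkout') {
            $this->enableCsrfValidation = false;
        }
        return parent::beforeAction($action);
    }

    public function actionCheckout()
    {
        $post = Yii::$app->request->post();

        // Assumed scheme: the provider sends an HMAC-SHA256 of the sorted
        // fields in a "signature" field (hypothetical field name).
        $received = is_string($post['signature'] ?? null) ? $post['signature'] : '';
        unset($post['signature']);
        ksort($post);
        $expected = hash_hmac(
            'sha256',
            http_build_query($post),
            Yii::$app->params['paymentSecret'] // assumed config key
        );

        // Constant-time comparison; reject anything not signed by the provider.
        if (!hash_equals($expected, $received)) {
            throw new ForbiddenHttpException('Invalid payment signature.');
        }

        // ... mark the order as paid using the verified $post data ...
        return 'OK';
    }
}
```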