Yii
alex stephen, 2017-06-17 15:30:47

Yii2 how to accept third party action requests?

Actually, the payment system, when making a payment, makes a redirect with a POST request to a specific page (action). Everything goes outside the domain, and I get Bad Request (#400) "Unable to validate data" on my site.
I googled this solution:

    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        return [
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'checkout' => ['POST'],
                ],
            ],
            'corsFilter' => [
                'class' => \yii\filters\Cors::className(),
                'cors' => [
                    // Restrict access to these origins
                    'Origin' => ['http://somedomain.ru', 'https://anotherdomain.com'],
                    // Allow only the POST method
                    'Access-Control-Request-Method' => ['POST'],
                    // Allow only the 'X-Wsse' header
                    'Access-Control-Request-Headers' => ['X-Wsse'],
                    // Allow credentials (cookies, authorization headers) to be sent
                    'Access-Control-Allow-Credentials' => true,
                    // Allow OPTIONS caching
                    'Access-Control-Max-Age' => 3600,
                    // Allow the X-Pagination-Current-Page header to be exposed to the browser.
                    'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
                ],
            ],
        ];
    }

But, as you may have guessed, it did not help.

2 answer(s)
alex stephen, 2017-06-17
@berezuev

A temporary (or maybe permanent) solution was to disable CSRF token verification.

Maxim Fedorov, 2017-06-19
@qonand

Since you are transmitting data using POST, you must have a CSRF token in the request data. You can solve this problem using one of the following options:
1. Disable CSRF token verification. It is difficult to say how safe it is, because it all depends on the organization of your system.
2. Use a GET request instead of a POST request. If your action does not change the status of something, this option can be used.
3. Organize the issuance of a CSRF token to clients who will access the action.
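
A narrower way to apply option 1, as an added example that is not part of the original answers: CSRF validation is switched off for the `checkout` action only, and the callback is authenticated by a signature instead. The controller name, the `signature` field, the HMAC-SHA256 scheme and the `paymentSecret` param are assumptions; use whatever your payment provider documents.

```php
<?php
namespace app\controllers;

use Yii;
use yii\filters\VerbFilter;
use yii\web\Controller;
use yii\web\ForbiddenHttpException;

class PaymentController extends Controller // hypothetical controller name
{
    public function behaviors()
    {
        return [
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => ['checkout' => ['POST']],
            ],
        ];
    }

    public function beforeAction($action)
    {
        // Turn CSRF validation off for the external callback only;
        // every other action in this controller keeps it.
        if ($action->id === 'checkout') {
            $this->enableCsrfValidation = false;
        }
        return parent::beforeAction($action);
    }

    public function actionCheckout()
    {
        $data = Yii::$app->request->post();
        // Assumed scheme: the provider sends 'signature' = HMAC-SHA256 of the
        // remaining fields, sorted by key, keyed with a shared secret.
        $sig = $data['signature'] ?? null;
        $received = is_string($sig) ? $sig : '';
        unset($data['signature']);
        ksort($data);
        $secret = Yii::$app->params['paymentSecret']; // assumed params entry
        $expected = hash_hmac('sha256', http_build_query($data), $secret);
        // hash_equals() compares in constant time.
        if (!hash_equals($expected, $received)) {
            throw new ForbiddenHttpException('Invalid payment signature.');
        }
        // $data is authenticated from here on; order processing uses it.
        return 'OK';
    }
}
```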
