Braintree webhooks with csrf 不起作用

Braintree webhooks with csrf not working


我使用 Braintree 实现了定期付款,一切运行良好。我的代码如下:

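// Minimal HTML escaper for every dynamic value interpolated into the pages
// below. Customer names, the id query parameter and gateway messages are
// data, not markup, so they must not reach res.send() unescaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Creates a Braintree customer with a stored card from the submitted form and,
// on success, links to /subscriptions for that customer.
// NOTE(review): the raw card number and CVV pass through this server, which
// puts it in PCI scope; Braintree's client-side tokenization avoids that.
app.post("/create_customer", function (req, res) {
  var customerRequest = {
    firstName: req.body.first_name,
    lastName: req.body.last_name,
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year,
      billingAddress: {
        postalCode: req.body.postal_code
      }
    }
  };
  gateway.customer.create(customerRequest, function (err, result) {
    // A transport or authentication error leaves result undefined; report it
    // instead of dereferencing result.success and crashing the handler.
    if (err) {
      console.error(err);
      res.status(502).send("<h1>Error: gateway request failed</h1>");
      return;
    }
    console.log(result);
    if (result.success) {
      var customer = result.customer;
      // The id is URL-encoded for the query string and then HTML-escaped
      // because encodeURIComponent leaves the quote character untouched.
      res.send(
        "<h1>Customer created with name: " + escapeHtml(customer.firstName) + " " + escapeHtml(customer.lastName) + "</h1>" +
        "<a href='/subscriptions?id=" + escapeHtml(encodeURIComponent(customer.id)) + "'>Click here to sign this Customer up for a recurring payment</a>"
      );
    } else {
      res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
    }
  });
});

// Looks up the customer named by the id query parameter and subscribes its
// first stored card to the plan below. The id is reflected into the error
// page, so it is escaped before being sent.
app.get("/subscriptions", function (req, res) {
  var customerId = req.query.id;
  gateway.customer.find(customerId, function (err, customer) {
    if (err) {
      res.status(404).send("<h1>No customer found for id: " + escapeHtml(customerId) + "</h1>");
      return;
    }
    // A customer with no stored card has no token to subscribe.
    var cards = customer.creditCards || [];
    if (cards.length === 0) {
      res.status(400).send("<h1>Customer has no stored payment method</h1>");
      return;
    }
    var subscriptionRequest = {
      paymentMethodToken: cards[0].token,
      planId: "reccuringtest"
    };
    gateway.subscription.create(subscriptionRequest, function (err, result) {
      if (err) {
        console.error(err);
        res.status(502).send("<h1>Error: gateway request failed</h1>");
        return;
      }
      if (!result.success) {
        res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
        return;
      }
      res.send("<h1>Subscription Status " + escapeHtml(result.subscription.status) + "</h1>");
    });
  });
});

// Charges a fixed amount to the submitted card and submits it for settlement.
app.post("/create_transaction", function (req, res) {
  var saleRequest = {
    amount: "1000.00",
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year
    },
    options: {
      submitForSettlement: true
    }
  };
  gateway.transaction.sale(saleRequest, function (err, result) {
    console.log(err, result);
    // Same guard as above: result is undefined when the gateway call failed.
    if (err) {
      res.status(502).send("<h1>Error: gateway request failed</h1>");
      return;
    }
    if (result.success) {
      res.send("<h1>Success! Transaction ID: " + escapeHtml(result.transaction.id) + "</h1>");
    } else {
      res.send("<h1>Error:  " + escapeHtml(result.message) + "</h1>");
    }
  });
});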

我可以创建客户并完成付款,然后我添加了 webhook:

// Braintree checks the webhook destination by sending a bt_challenge query
// parameter; the gateway's verify() computes the expected reply to it.
app.get("/webhooks", function handleWebhookChallenge(req, res) {
  var challenge = req.query.bt_challenge;
  var answer = gateway.webhookNotification.verify(challenge);
  res.send(answer);
});
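// Receives Braintree webhook POSTs. The gateway's parse() authenticates the
// payload by checking bt_signature, which is what lets this route run without
// the app's CSRF check. The response is sent only after that verification, so
// an unverifiable delivery gets a non-2xx instead of a blind 200.
app.post("/webhooks", function (req, res) {
  var signature = req.body.bt_signature;
  var payload = req.body.bt_payload;
  // Both fields are required for verification; reject incomplete posts early.
  if (!signature || !payload) {
    res.status(400).end();
    return;
  }
  gateway.webhookNotification.parse(
    signature,
    payload,
    function (err, webhookNotification) {
      if (err) {
        // Signature did not verify: do not act on the payload or acknowledge it.
        console.error("[Webhook Rejected] " + err);
        res.status(400).end();
        return;
      }
      // Not every notification kind carries a subscription object.
      var subscription = webhookNotification.subscription;
      var subscriptionId = subscription ? subscription.id : "n/a";
      console.log("[Webhook Received " + webhookNotification.timestamp + "] | Kind: " + webhookNotification.kind + " | Subscription: " + subscriptionId);
      res.status(200).end();
    }
  );
});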

现在,当我完成付款后,webhook 处理函数被调用了,但我收到了 CSRF 错误:

POST /webhooks 403 194.783 ms - - Error: CSRF token mismatch at csrf (/root/waitero/node_modules/lusca/lib/csrf.js:48:18)

感谢您的任何帮助!

您需要为接收 Braintree POST 请求的路由禁用 CSRF 保护。最好的方法可能是编写一个自定义中间件:

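// CSRF middleware that exempts only the Braintree webhook route. Braintree
// cannot send this app's CSRF token, so POST /webhooks must skip the check,
// while every other request keeps it. Mount this in place of the
// unconditional csrf middleware (before the routes) so the webhook path is
// not still covered by the original one. The exempted route has to
// authenticate its payload itself; the gateway's webhookNotification.parse
// does that by verifying bt_signature.
var expressCsrf = express.csrf();
var customCsrf = function (req, res, next) {
  if (req.path === "/webhooks") {
    // Webhook deliveries carry no session and no token: pass them through to
    // the signature-checking handler instead of failing with 403.
    next();
  } else {
    expressCsrf(req, res, next);
  }
};
app.use(customCsrf);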