dimaportenko/mma-customapi

Silent Redirect returnurl - Invalid Form Key

Closed this issue · 7 comments

The silent redirect return URL seems to fail, resulting in no 'PayPal PayflowPro response:' appearing in the debug logs.

Calling the input with a GET request works, but doesn't capture the query parameters:

  'PayPal PayflowPro response:' => 
  array (
  ),
) [] []

Is there a way for this endpoint to bypass CSRF validation?

Hi @0xMatt
What endpoint are you talking about? And what are you trying to do?

Sorry, the endpoint in question is /mma/transparent/response/?quoteId=:quoteId - Currently, it is not able to accept a POST request. Magento is intercepting and throwing an 'invalid form key error'. I am trying to capture the transparent redirect response data.

Yes, I think I used GET response instead.

GET response shows the empty payload as I described above.

The code also seems to expect POST, no? https://github.com/troublediehard/mma-customapi/blob/master/Controller/Transparent/Response.php#L118

Actually, it was a while ago and I don't really remember how I used it. From what I can see now, I'm loading https://payflowlink.paypal.com with params from REST API /V1/mma/paypal/transparent/securityToken/${quoteId} and cart data in the mobile WebView. And the response is coming from the PayPal server. Not sure if it is POST or GET, but I think it could be configured somewhere in the PayPal account.

I overrode the controller and implemented the interfaces CsrfAwareActionInterface and HttpPostActionInterface, which resolved my issue. Thanks!

Glad you solved your issue 🎉
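
A sketch of the override described in the resolving comment, added here as an illustration; it is not code from this repository or from the commenter. The `Vendor\Module` namespace and the `Vendor\Upstream\...` parent class name are placeholders (assumptions) for the override module and for the module's `Controller/Transparent/Response.php`.

```php
<?php
declare(strict_types=1);

// Hypothetical namespace of the module that holds the override.
namespace Vendor\Module\Controller\Transparent;

use Magento\Framework\App\Action\HttpPostActionInterface;
use Magento\Framework\App\CsrfAwareActionInterface;
use Magento\Framework\App\Request\InvalidRequestException;
use Magento\Framework\App\RequestInterface;
// Placeholder: replace with the real class name of the module's
// Controller/Transparent/Response.php.
use Vendor\Upstream\Controller\Transparent\Response as UpstreamResponse;

class Response extends UpstreamResponse implements
    CsrfAwareActionInterface,   // lets the action decide its own CSRF result
    HttpPostActionInterface     // marker interface: action accepts POST only
{
    /**
     * Called only when CSRF validation fails. Returning null keeps
     * Magento's default rejection (the "Invalid Form Key" response).
     */
    public function createCsrfValidationException(
        RequestInterface $request
    ): ?InvalidRequestException {
        return null;
    }

    /**
     * true  = treat the request as valid (form-key check skipped)
     * false = reject the request
     * null  = fall back to Magento's default form-key validation
     *
     * The transparent-redirect POST originates from PayPal's page, so it
     * cannot carry a Magento form key. Skipping the check here affects
     * this action only; every other controller keeps the default.
     */
    public function validateForCsrf(RequestInterface $request): ?bool
    {
        return true;
    }
}
```

With the form-key check skipped, this action accepts cross-site POSTs, so the posted fields should be treated as untrusted input and checked against the quote before any order state changes.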