I am using Django v2.2.8 with python 3.6.9.
My payment gateway falls back on url which i specified i.e.
https://example.com/success, https://example.com/failure
after the transaction.
However, i have used csrf_exempt on the views handling these urls which works fine in local environment but on production it gives 403 forbidden csrf verification failed.
Even on disabling whole CSRF middleware, error persists.
views.py
@csrf_exempt
def payu_failure(request):
data = {k: v[0] for k, v in dict(request.POST).items()}
response = payu.verify_transaction(data)
return JsonResponse(response)
source from https://github.com/renjithsraj/paywix/blob/master/PAYU.md
settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
urls.py has proper configuration
path('failure', views.payu_failure, name='payu_failure'),
question from:
https://stackoverflow.com/questions/65934935/csrf-verification-failed-on-production-environment-django 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
