I am using PaypalAdaptive. It sends ipn_notification properly. ipnNotification action method is as following -
def ipn_notification
ipn = PaypalAdaptive::IpnNotification.new
ipn.send_back(request.raw_post.to_json)
print "=====================request.raw_post#{request.raw_post}=============="
if ipn.verified?
PaymentMailer.notify_unknown(request.raw_post).deliver
else
logger.info "IT DIDNT WORK"
end
render :nothing => true
end
but it's returning error
WARNING: Can't verify CSRF token authenticity rails
Any help for this problem.
In your controller:
skip_before_filter :verify_authenticity_token, :only => [:ipn_notification]
For people reading to quickly and distribute -1 (skipping an important part: it's not a POST call from the client...):
yes it skips a security BUT... Read after...
yes, it's the only way for external website POST requests
yes it's safe: you obviously check params and keys when receiving a call from Paypal or alike.
The correct solution for this problem without compromising security
In your ajax request send the csrf token value as header.
var csrfToken = $("meta[name='csrf-token']").attr("content");
$.ajaxSetup({
headers: {
'X-CSRF-Token': csrfToken
}
});
Add the following line in your application.js
//= require jquery_ujs
And try.
来源:https://stackoverflow.com/questions/11986939/cant-verify-csrf-token-authenticity-in-rails