Braintree webhooks 因 CSRF 保护而无法工作

我使用 Braintree 付款，一切正常。我的代码如下所示：

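/**
 * Escapes the characters that are significant in HTML text and attribute
 * values, so request-derived strings can be interpolated into the HTML
 * responses below without being interpreted as markup.
 * @param {*} value - Any value; coerced with String() first.
 * @returns {string} The escaped text.
 */
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

/**
 * Reports a failed gateway call as an HTML error heading.
 * A transport/SDK error (`err`) arrives without a usable `result`, so it is
 * logged server-side and a generic message is sent; otherwise the gateway's
 * own validation message (`result.message`) is shown, as before.
 * @param {object} res - Express response.
 * @param {Error|null|undefined} err - Error from the gateway callback, if any.
 * @param {object|undefined} result - Gateway result when the call completed.
 */
function sendGatewayError(res, err, result) {
  if (err) {
    console.error(err);
    res.send("<h1>Error: gateway request failed</h1>");
    return;
  }
  res.send("<h1>Error: " + escapeHtml(result.message) + "</h1>");
}

// Creates a Braintree customer from the posted form fields and vaults the card.
app.post("/create_customer", function (req, res) {
  var customerRequest = {
    firstName: req.body.first_name,
    lastName: req.body.last_name,
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year,
      billingAddress: {
        postalCode: req.body.postal_code
      }
    }
  };
  gateway.customer.create(customerRequest, function (err, result) {
    // `result` is undefined when the call itself failed, so `err` is checked
    // first; the previous code dereferenced result.success unconditionally.
    if (err || !result.success) {
      sendGatewayError(res, err, result);
      return;
    }
    var customer = result.customer;
    // The name fields came straight from the request body; escape them before
    // echoing, and URL-encode the id that goes into the link's query string.
    res.send(
      "<h1>Customer created with name: " + escapeHtml(customer.firstName) + " " + escapeHtml(customer.lastName) + "</h1>" +
      "<a href=\"/subscriptions?id=" + encodeURIComponent(customer.id) + "\">Click here to sign this Customer up for a recurring payment</a>"
    );
  });
});

// Subscribes an existing customer's first vaulted card to the plan.
// NOTE(review): this handler creates a subscription on a GET; state-changing
// actions are conventionally POST so the CSRF middleware covers them.
app.get("/subscriptions", function (req, res) {
  var customerId = req.query.id;
  gateway.customer.find(customerId, function (err, customer) {
    if (err) {
      // `req.query.id` is attacker-controlled: escape it before reflecting.
      res.send("<h1>No customer found for id: " + escapeHtml(req.query.id) + "</h1>");
      return;
    }
    var cards = customer.creditCards || [];
    // A customer without a vaulted card used to throw on creditCards[0].token.
    if (cards.length === 0) {
      res.send("<h1>Customer has no vaulted payment method</h1>");
      return;
    }
    var subscriptionRequest = {
      paymentMethodToken: cards[0].token,
      planId: "reccuringtest"
    };
    gateway.subscription.create(subscriptionRequest, function (err, result) {
      // The original callback ignored `err` and `result.success` entirely.
      if (err || !result.success) {
        sendGatewayError(res, err, result);
        return;
      }
      res.send("<h1>Subscription Status " + escapeHtml(result.subscription.status) + "</h1>");
    });
  });
});

// Charges the posted card a fixed amount and submits it for settlement.
app.post("/create_transaction", function (req, res) {
  var saleRequest = {
    amount: "1000.00",
    creditCard: {
      number: req.body.number,
      cvv: req.body.cvv,
      expirationMonth: req.body.month,
      expirationYear: req.body.year
    },
    options: {
      submitForSettlement: true
    }
  };
  gateway.transaction.sale(saleRequest, function (err, result) {
    // Errors are logged inside sendGatewayError; the full result is no longer
    // dumped to the console, since it carries customer and card details.
    if (err || !result.success) {
      sendGatewayError(res, err, result);
      return;
    }
    res.send("<h1>Success! Transaction ID: " + escapeHtml(result.transaction.id) + "</h1>");
  });
});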

我能够创建客户并完成付款，然后我添加了 webhooks：

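 // Braintree's one-time endpoint verification: echo the signed challenge back.
app.get("/webhooks", function (req, res) {
  res.send(gateway.webhookNotification.verify(req.query.bt_challenge));
});

// Receives signed webhook notifications. parse() validates bt_signature
// against bt_payload, so an unsigned or tampered request surfaces as `err`
// and must not be acknowledged with 200 — the original handler answered 200
// before parsing finished and never looked at `err`.
app.post("/webhooks", function (req, res) {
  gateway.webhookNotification.parse(
    req.body.bt_signature,
    req.body.bt_payload,
    function (err, webhookNotification) {
      if (err) {
        console.error("[Webhook rejected] " + err.message);
        res.status(400).end();
        return;
      }
      // Not every notification kind carries a `subscription`; guard so a
      // non-subscription event does not throw inside the callback.
      var subscriptionId = webhookNotification.subscription
        ? webhookNotification.subscription.id
        : "n/a";
      console.log("[Webhook Received " + webhookNotification.timestamp + "] | Kind: " + webhookNotification.kind + " | Subscription: " + subscriptionId);
      // Acknowledge only after the notification has been verified and parsed.
      // res.status(...).end() replaces the deprecated res.send(200) form.
      res.status(200).end();
    }
  );
});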

现在付款时 POST 路由确实被调用了，但我收到了 CSRF 错误：

POST /webhooks 403 194.783 ms - - Error: CSRF token mismatch at csrf (/root/waitero/node_modules/lusca/lib/csrf.js:48:18)

谢谢你的帮助!

您需要为接收 Braintree POST 请求的那个路由禁用 CSRF 保护，同时让其余路由保持受保护。最好的方法是编写一个自定义中间件：

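 var expressCsrf = express.csrf();

/**
 * CSRF middleware that exempts only the Braintree webhook route.
 *
 * Braintree posts to /webhooks without a session or CSRF token, so that one
 * request shape is passed straight through; its authenticity is established
 * instead by gateway.webhookNotification.parse() checking bt_signature.
 * Every other request still goes through the real CSRF check. The original
 * code had the branches the wrong way round — it ran the CSRF check *only*
 * on /webhooks and skipped it for the whole rest of the site.
 *
 * The same wrapper works for lusca's csrf(), which the error trace in the
 * question comes from: pass that middleware as `expressCsrf` instead.
 */
var customCsrf = function (req, res, next) {
  // Narrow the exemption to the webhook POST; the GET challenge and all other
  // paths stay behind the CSRF middleware.
  if (req.path === "/webhooks" && req.method === "POST") {
    next();
  } else {
    expressCsrf(req, res, next);
  }
};
app.use(customCsrf);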