CSRF token missing when trying to verify IPN message

thegiant101
Contributor

I reply to the sandbox URL with the same message I get from the IPN (prefixed with cmd=_notify-validate)

and this error comes back from the PayPal server:

status code/message: Forbidden (403)

body: {"coBrand":"us","currentYear":2018,"viewName":"response500","showFooter":{"type":"imageAndContent"},"rootTxn":{"name":"signin_csrftoken_error","data":{"msg":"CSRF error: CSRF token missing"},"status":"0"},"csrfError":true,"genericErrorCode":"cookieDisabled"}

When I sniffed the request coming out of the IPN simulator with Chrome dev tools or Fiddler, I noticed that a csrf_token is present both as a header and in the body.

But the message that gets to my IPN listener eventually doesn't contain it.

What could be the problem?


thegiant101
Contributor

SOLVED.

I was converting the body of the message received from the IPN into JSON, and when converting it back to x-form-urlencoded I had a bug.

I guess the PayPal server misplaced it as a different kind of message and was requesting a CSRF token.
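
Added example, not part of the original posts: PayPal's IPN verification expects the postback to carry the received fields unchanged, in the same order and encoding, after `cmd=_notify-validate`. This Python sketch shows how a form -> JSON -> form round trip can alter those bytes and how to check a postback before sending it. The sample body, `lossy_postback` and `describe_drift` are constructed or hypothetical names; the poster's actual bug is not shown on the page.

```python
import json
from urllib.parse import parse_qsl, urlencode

PREFIX = b"cmd=_notify-validate&"

# Constructed sample IPN body (not a real notification): windows-1252 "é" as
# %E9, "+" for spaces, and a field order the sender chose.
SAMPLE_IPN = (b"mc_gross=19.95&payer_email=buyer%40example.com"
              b"&first_name=Ren%E9e&item_name=Blue+T-Shirt"
              b"&charset=windows-1252&txn_id=CONSTRUCTED123")


def build_postback(raw_body: bytes) -> bytes:
    """Verification body: the prefix plus the received bytes, untouched."""
    return PREFIX + raw_body


def lossy_postback(raw_body: bytes) -> bytes:
    """Hypothetical buggy listener: form -> JSON -> form round trip."""
    fields = dict(parse_qsl(raw_body.decode("ascii")))  # %E9 decoded as UTF-8
    as_json = json.dumps(fields, sort_keys=True)         # field order lost
    return PREFIX + urlencode(json.loads(as_json)).encode("ascii")


def raw_pairs(body: bytes):
    """Split on & and = without percent-decoding anything."""
    parts = (p.partition(b"=") for p in body.split(b"&") if p)
    return [(k, v) for k, _, v in parts]


def describe_drift(raw_body: bytes, postback: bytes) -> list:
    """List the ways a postback differs from prefix + received body."""
    sent = raw_pairs(postback)
    if not sent or sent[0] != (b"cmd", b"_notify-validate"):
        return ["missing cmd=_notify-validate prefix"]
    got, sent = raw_pairs(raw_body), sent[1:]
    problems = []
    if [k for k, _ in got] != [k for k, _ in sent]:
        problems.append("field order or field set changed")
    sent_map = dict(sent)
    for key, value in got:
        if sent_map.get(key) != value:
            problems.append("value bytes changed: " + key.decode("ascii"))
    return problems


if __name__ == "__main__":
    print(describe_drift(SAMPLE_IPN, build_postback(SAMPLE_IPN)))
    print(describe_drift(SAMPLE_IPN, lossy_postback(SAMPLE_IPN)))
```

Keeping the request body as raw bytes in the listener and logging the output of a check like `describe_drift` makes this class of bug visible before the verification request is sent.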
