How do I transfer the Cognos token in PayPal Express Checkout code?
I am integrating Paypal Express Checkout with backend REST to my codeigniter site. As in the Paypal doc, I added the following to my checkout page:
<script src="https://www.paypalobjects.com/api/checkout.js"></script>
<script>
var CREATE_PAYMENT_URL = 'https://#######/paypal/create';
var EXECUTE_PAYMENT_URL = 'https://######/paypal/execute';
paypal.Button.render({
env: 'production', // Or 'sandbox'
commit: true, // Show a 'Pay Now' button
payment: function() {
return paypal.request.post(CREATE_PAYMENT_URL).then(function(data) {
return data.id;
});
},
onAuthorize: function(data) {
return paypal.request.post(EXECUTE_PAYMENT_URL, {
paymentID: data.paymentID,
payerID: data.payerID
}).then(function() {
// The payment is complete!
// You can now show a confirmation message to the customer
});
}
}, '#paypal-button');
</script>
Everything works fine, but when I turn on CSRF protection from codeigniter, the call that checkout.js makes to my server using CREATE_PAYMENT_URL gets rejected by the fact that the CSRF token is missing. I have very little knowledge of JavaScript, I need help to pass the token to checkout.js, the Paypal doc doesn't help.
What I have tried:
Disable CSRF in codeigniter config. Works! Paypal Express Checkout works great, but this is not an option, CSRF security must be enabled. Excluded URI from CSRF validation in config codeignter. Works fine again, but I'm not satisfied. There must be a way to secure the server call with CSRF token. Hope my problem is clear and you can suggest some solution. Thank!
source to share
You should solve this problem by adding a parameter X-CSRF-TOKEN
to the http headers for ajax requests. Assuming you are using jquery, below should fix the problem:
$(document).ready(function(){
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': '{{PUT_YOU_CSRF_VARIABLE_HERE}}'
}
});
var CREATE_PAYMENT_URL = 'https://#######/paypal/create';
var EXECUTE_PAYMENT_URL = 'https://######/paypal/execute';
paypal.Button.render({
env: 'production', // Or 'sandbox'
commit: true, // Show a 'Pay Now' button
payment: function() {
return paypal.request.post(CREATE_PAYMENT_URL).then(function(data) {
return data.id;
});
},
onAuthorize: function(data) {
return paypal.request.post(EXECUTE_PAYMENT_URL, {
paymentID: data.paymentID,
payerID: data.payerID
}).then(function() {
// The payment is complete!
// You can now show a confirmation message to the customer
});
}
}, '#paypal-button');
});
source to share