tuyennn
commented
4 years ago CSRF should be implement certain on use Magento\Framework\App\CsrfAwareActionInterface;
as
class ReturnAction extends Action\Action implements CsrfAwareActionInterface
{
public function createCsrfValidationException(RequestInterface $request): ?InvalidRequestException
{
return null;
}
public function validateForCsrf(RequestInterface $request): ?bool
{
return true;
}
}
The paymaya callback was redirected to 404 page because of no form_key submitted from Paymaya server. This commit fixed the issue by skip CSRF check.