I believe this endpoint should not be under CSRF protection. If it is, then first time users or people who have not used the application in a while will get an error page when trying to checkout the first time, which is not intended.
The issue and reasoning for adding this to the ignore filter has been discussed in issue #492 .
I believe this endpoint should not be under CSRF protection. If it is, then first time users or people who have not used the application in a while will get an error page when trying to checkout the first time, which is not intended.
The issue and reasoning for adding this to the ignore filter has been discussed in issue #492 .
fixes #492