Closed peco8 closed 7 years ago
The easiest thing would be to add skip_before_action :verify_authenticity_token
to your controller I believe!
StripeEvent::WebhookController
doesn't inherit from ApplicationController, so this change won't apply to the webhook requests from Stripe. Can you provide more detail about your problem?
With stripe_event, Should I apply ...
I think it's worth noting for @peco8's benefit that _if you're using stripe_event
_, you're not responsible for the Controller that responds to the actual stripe wehooks. That's all handled for you and abstracted away.
@invisiblefunnel
StripeEvent::WebhookController doesn't inherit from ApplicationController, so this change won't apply to the webhook requests from Stripe.
@rmm5t
you're not responsible for the Controller that responds to the actual stripe wehooks. That's all handled for you and abstracted away.
Now it's clear. It does not really matter if I apply :null-session
or :exception
for protect_from_forgery
, and we still can listen to the webhooks events from stripe.
Thanks for the answer.
This is not an issue or a problem, however I want to get some advice. With stripe-event, Should I apply
null-session
forprotect_from_forgery
.I've just heard as a default, stripe-webhook events can't be heard without turning off the CSRF protection. Should I do something like below, or
protect_from_forgery with: :exception
following the default setting?I just only listen to Stripe Webhook.