I am trying to integrate CC avenue payment method with Magento 2.3 however once payment is processed, user is navigated back to website with error "Invalid Form Key. Please refresh the page."
Upon debugging, I found that CSRF validation fails when CC avenue posts response on return URL. While I also tried solution mentioned on the post : Magento 2.3 upgrade breaks HTTP POST requests to custom module endpoint, still the error persists. Possible reason could be that interface mentioned in above post is not being used rather it gets into Magento\Framework\App\Request\CsrfValidator class which implements Magento\Framework\App\Request\ValidatorInterface.
Possible workaround is to override class – Magento\Framework\App\Request\CsrfValidator as follows:
public function validate(
RequestInterface $request,
ActionInterface $action
): void {
try {
$areaCode = $this->appState->getAreaCode();
} catch (LocalizedException $exception) {
$areaCode = null;
}
if ($request instanceof HttpRequest
&& in_array(
$areaCode,
[Area::AREA_FRONTEND, Area::AREA_ADMINHTML],
true
)
) {
//Custom code
if ($request->getRequestUri() == 'custom/uri')
{
$valid = true;
}
else {
$valid = $this->validateRequest($request, $action);
}
if (!$valid) {
throw $this->createException($request, $action);
}
}
}
Question is – how do I override this class? I tried writing dependency injection but did not work!
Best Answer
You can add a
formKeyto your request.Magento checks in the
validateRequestfunction atMagento\Framework\App\Request\CsrfValidatorif the request is intance ofCsrfAwareActionInterface, not a post request, ajax or has a valideformKey:You can inject
Magento\Framework\Data\Form\FormKeyand add to your request, something like this: