Embedded stripe checkout not working while CSRF is enabled

R4v3n · November 3, 2024, 8:59pm

Wappler Version : 6.8.0
Operating System : Windows 10
Server Model: NodeJS
Database Type: MariaDB
Hosting Type: Localhost + Docker for DB

Expected behavior

What do you think should happen?

When having CSRF Tokens enabled along a CSRF Token meta tag on the layout page, the embedded checkout should appear, when you try to reach it.

What actually happens?

The embedded Checkout doesn't appear and the following error appears in the logs:

How to reproduce

Just activate CSRF along a CSRF meta tag (or even without the meta tag) on the main layout page. Then try to get an embedded checkout working.

If you want to reset this behaviour, you have to deactivate CSRF and completely close your browser.

R4v3n · November 3, 2024, 9:46pm

Another Addendum:
When deactivating CSRF (while having a meta tag for the csrf token and then deleting the meta tag), my server action which was containing the embedded checkout session template has gone completely empty.
Another time it even copied the content of a completely different server action and replaced the server action, where the template for the checkout session was located, with the contents of this other server action.

R4v3n · November 3, 2024, 10:34pm

Last Addendum:

Maybe rename the CSRF to Anti-CSRF so it won't result in confusion?
Because CSRF is technically the name of the attack.

R4v3n · November 5, 2024, 10:02am

This is getting out of hand right now.
As soon as I activate CSRF the last Server action I edited gets completely edited and changed to some other server action or is completely empty.

Reminder for everyone: Do backups often.

R4v3n · November 5, 2024, 10:09am

The pain of being too lazy to remember their own mistakes and repeating them...

Teodor · November 5, 2024, 10:23am

Can you please make a short video demonstrating the problem, as your topic is not really clear.

R4v3n · November 5, 2024, 10:24am

I will try it.

R4v3n · November 5, 2024, 10:58am

I will have to keep working on my project. It does occur randomly when CSRF is being enabled or deactivated. I cannot replicate it atm. As soon as I have found a way, I will post a video. The first problem with the embedded checkout is still able to be replicated as described.