I have been working on an integration with Stripe in one of my projects and have come across Invalid CSRF token errors with Stripe checkout components.
These errors happen if CSRF is enabled under Server Connect settings, regardless of whether the CSRF meta tag (for global implementation of the CSRF tokens) is included/excluded in the layout page. I have tested the latest Stripe embedded checkout element and the previous version of the Stripe hosted checkout component, and both fail to load correctly when CSRF is enabled.
Can CSRF be used with Stripe? Does it require a specific implementation of CSRF tokens to work with Stripe? Any help in understanding the implementation of CSRF with Stripe is greatly appreciated.
When you enable CSRF globally on the server, each POST request must include the token. It is possible to disable it for specific endpoints: in the action settings you can check the No CSRF option.
I've updated the Stripe component so that it should include the token if a meta tag with it is found on the page.
Thank you for the update. I have tested the updated dmx files and the Stripe hosted checkout is working correctly with CSRF enabled globally on the layout pages.
I was not aware of the No CSRF option under action settings. Thank you for highlighting the availability of this option.
Thank you again for a quick response and resolution!
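
The behaviour described in the answer above (a POST carries the CSRF token when a meta tag with it is present on the page), as an added example that is not part of the thread and not the Stripe component's own code. It attaches the token only to same-origin, state-changing requests so the token is never sent to a third-party origin. The meta tag name `csrf-token`, the header name `X-CSRF-Token`, and the helper names are assumptions; use whatever names your server actually validates.

```javascript
// Added example. Assumed names (not confirmed by the thread):
// meta tag "csrf-token", request header "X-CSRF-Token".
const META_NAME = 'csrf-token';
const HEADER_NAME = 'X-CSRF-Token';
// Methods that must not change state and therefore need no token.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Read the token from <meta name="csrf-token" content="...">.
// Returns null when the tag is missing or its content is empty.
function readCsrfToken(doc) {
  const meta = doc.querySelector(`meta[name="${META_NAME}"]`);
  const token = meta && meta.getAttribute('content');
  return token ? token : null;
}

// Build fetch() options for `url`. The token header is added only when
// a token exists, the request changes state, and the target is the
// page's own origin (the token is a secret of that origin).
function withCsrf(url, init, doc, pageOrigin) {
  const method = (init.method || 'GET').toUpperCase();
  const headers = { ...(init.headers || {}) };
  const sameOrigin = new URL(url, pageOrigin).origin === pageOrigin;
  const token = readCsrfToken(doc);
  if (token && sameOrigin && !SAFE_METHODS.has(method)) {
    headers[HEADER_NAME] = token;
  }
  return { ...init, method, headers };
}

// Constructed stand-in for `document` so the example runs outside a
// browser. Pass null to simulate a page without the meta tag.
function fakeDocument(token) {
  return {
    querySelector: (sel) =>
      token !== null && sel === `meta[name="${META_NAME}"]`
        ? { getAttribute: (attr) => (attr === 'content' ? token : null) }
        : null,
  };
}
```

In a browser the call would be `fetch(url, withCsrf(url, init, document, location.origin))`.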