#pagdas
yes
Hi 👋 can you tell me more about your scenario, at what point is a 403 being encountered?
hello toby how you doing
look my friend
how is the scenario
I'm using Python Django on my backend. I'm trying to make a checkout from the Stripe portal: the user presses the checkout button and is redirected to the Stripe portal. The code is like this:
```python
import stripe
from django.http import JsonResponse
from django.views.decorators.csrf import csrf_exempt


@csrf_exempt
def create_checkout_session(request):
    if request.method == 'GET':
        domain_url = 'http://localhost:8000/'
        # stripe_api_key is defined elsewhere in the poster's project
        stripe.api_key = stripe_api_key
        try:
            checkout_session = stripe.checkout.Session.create(
                client_reference_id=request.user.id if request.user.is_authenticated else None,
                success_url='https://f562-109-110-230-169.ngrok-free.app/payment/pricing_page',
                cancel_url=domain_url + 'cancel/',
                payment_method_types=['card'],
                mode='subscription',
                line_items=[
                    {
                        'price': 'price_1MwjlHC0KuEJ2RHeUFM2fAlw',
                        'quantity': 1,
                    }
                ]
            )
            return JsonResponse({'sessionId': checkout_session['id']})
        except Exception as e:
            return JsonResponse({'error': str(e)})
```
and then I'm trying to make a webhook like this
with the key
but unfortunately I'm getting error 403
can you help me
When is the 403 being encountered? When the Event is being sent to your webhook endpoint?
yes when I'm making the checkout
If your server is throwing a 403 when we are trying to send an Event to it, then we won't have much insight on why your server is behaving that way and serving that response.
Do you have the ID of an Event where you encountered this behavior that I can take a closer look at?
Yup
Yup, looks like your server is returning the 403 so we won't have insight on why it is doing that. I would recommend taking a look at the rest of the response that your server is providing, as it seems to have some pointers towards why it is behaving that way.
```html
<div id="summary">
<h1>Forbidden <span>(403)</span></h1>
<p>CSRF verification failed. Request aborted.</p>
<p>You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>
<p>If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.</p>
</div>
```
and:
```html
<h2>Help</h2>
<p>Reason given for failure:</p>
<pre>
CSRF cookie not set.
</pre>
<p>In general, this can occur when there is a genuine Cross Site Request Forgery, or when
<a
href="https://docs.djangoproject.com/en/4.1/ref/csrf/">Django’s
CSRF mechanism</a> has not been used correctly. For POST forms, you need to
ensure:</p>
<ul>
<li>Your browser is accepting cookies.</li>
<li>The view function passes a <code>request</code> to the template’s <a
href="https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render"><code>render</code></a>
method.</li>
<li>In the template, there is a <code>{% csrf_token
%}</code> template tag inside each POST form that
targets an internal URL.</li>
<li>If you are not using <code>CsrfViewMiddleware</code>, then you must use
<code>csrf_protect</code> on any views that use the <code>csrf_token</code>
template tag, as well as those that accept the POST data.</li>
<li>The form has a valid CSRF token. After logging in in another browser
tab or hitting the back button after a login, you may need to reload the
page with the form, because the token is rotated after a login.</li>
</ul>
<p>You’re seeing the help section of this page because you have <code>DEBUG =
True</code> in your Django settings file. Change that to <code>False</code>,
and only the initial error message will be displayed. </p>
<p>You can customize this page using the CSRF_FAILURE_VIEW setting.</p>
</div>
```
to be honest it seems OK, but let me check it again, due to the fact that I have read all this error and doc