novi-webhooks-csrf | Stripe Developers | Page 1

bright oceanBOT Dec 20, 2023, 7:02 PM

#

little veldt Dec 20, 2023, 7:04 PM

#

Hello! You'll be better suited looking at online resources to see how to handle CSRF issues with django since this isn't really a stripe-specific problem. Resources like https://stackoverflow.com/questions/10663446/post-method-always-return-403-forbidden or https://docs.djangoproject.com/en/dev/ref/csrf/#how-to-use-it may be helpful

#

It sounds like you may want to use csrf_exempt for your webhook endpoint

cyan nimbus Dec 20, 2023, 7:05 PM

#

and I don't nedd csrf_exempt on webhook function?

little veldt Dec 20, 2023, 7:08 PM

#

No, we call out in our docs that you'll want to exempt the stripe webhook from csrf here: https://stripe.com/docs/webhooks#csrf-protection

cyan nimbus Dec 20, 2023, 7:10 PM

#

ok, will try

bright oceanBOT Dec 20, 2023, 7:11 PM

#

novi-webhooks-csrf

#novi-webhooks-csrf