#toastedcactus_code


cunning temple BOT
#

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1278225769029439600

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

amber flume
#

The most common reason is that the payload is somehow altered by Django middleware and changes from the original value Stripe sent in

vital creek
#

the only middleware I have are these

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'whitenoise.middleware.WhiteNoiseMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'security_training_website.firebase_auth_middleware.FirebaseAuthMiddleware',
    'training.middleware.TrainingMiddleware',
    'allauth.account.middleware.AccountMiddleware',
]

#

the thing which could affect this is the csrf one, and this should not be a problem given that we are using the csrf_exempt tag, right?

amber flume
vital creek
#

Will try right now

#

unfortunately, I get the same error as before

#

I can give you more code as well if needed

amber flume
#

Um, that's the response HTML, but if you put a breakpoint/log on your server, where does it error? It looks like 403, not 400 as you are catching the exception

vital creek
#

I can then run the application on Google Cloud Run and see the log

amber flume
#

Around the part

except ValueError as e:

and

except stripe.error.SignatureVerificationError as e:

vital creek
#

got it I will be trying again with this

import logging

import stripe
from django.conf import settings
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

logger = logging.getLogger(__name__)

@csrf_exempt
def stripe_webhook(request):
    # Raw request body; the signature is checked against these exact bytes
    payload = request.body  # Corrected from request.data
    sig_header = request.META.get('HTTP_STRIPE_SIGNATURE')  # Using get to avoid KeyError
    event = None

    try:
        event = stripe.Webhook.construct_event(
            payload, sig_header, settings.STRIPE_WEBHOOK_SECRET_TEST
        )
    except ValueError as e:
        # Invalid payload
        logger.error(f"Invalid payload: {e}")
        return HttpResponse(status=400)
    except stripe.error.SignatureVerificationError as e:
        # Invalid signature
        logger.error(f"Signature verification error: {e}")
        return HttpResponse(status=400)
    except Exception as e:
        # Catch-all for any other exceptions, potentially indicating a 403 error
        logger.error(f"Unexpected error: {e}")
        return HttpResponse(status=403)

    # Process the event
    try:
        if event['type'] == 'payment_intent.succeeded':
            payment_intent = event['data']['object']
            handle_payment_intent_succeeded(payment_intent)
        elif event['type'] == 'payment_intent.payment_failed':
            payment_intent = event['data']['object']
            handle_payment_intent_failed(payment_intent)
    except Exception as e:
        logger.error(f"Error processing event {event['type']}: {e}")
        return HttpResponse(status=500)

    return HttpResponse(status=200)

#

with

except Exception as e:
    # Catch-all for any other exceptions, potentially indicating a 403 error
    logger.error(f"Unexpected error: {e}")
    return HttpResponse(status=403)

added

amber flume
#

Yeah let's try it

vital creek
#

Not sure if this is exactly what we want?

amber flume
#

Doesn't seem like it, going from your log

#

Looks like you have a different issue with csrf etc...

#

Sorry, you would want to google around Django a bit. Not quite familiar

vital creek
#

is it possible to prevent the webhook from shutting down after continuously getting 403 errors? The payments work, it's just that this csrf error keeps popping up