
I am trying to integrate the PayFast payment gateway in my Laravel application and I am getting a 419 error, which I think is very strange. The code is below.

I have configured everything as in the PayFast documentation and I am checking it on ngrok. On the notify URL I am getting 419 unknown status and I don't know what I am missing. Please see my code and let me know what I am missing.

PayFast Form view

```html
<form target="_blank" action="https://sandbox.payfast.co.za/eng/process" method="POST">
    <input type="hidden" name="merchant_id" value="10015150">
    <input type="hidden" name="merchant_key" value="aaid6ctdo8lxz">
    <input type="hidden" name="custom_str1" value="{{$business->id}}">
    <input type="hidden" name="amount" value="200.00">
    <input type="hidden" name="name_first" value="">
    <input type="hidden" name="name_last" value="">
    <input type="hidden" name="email_address" value="">
    <input type="hidden" name="cell_number" value="0823456789">
    <input type="hidden" name="item_name" value="Making your business Featured on our Website">
    <input type="hidden" name="return_url" value="http://95d16c17.ngrok.io/return">
    <input type="hidden" name="cancel_url" value="http://95d16c17.ngrok.io/cancel">
    <input type="hidden" name="notify_url" value="http://95d16c17.ngrok.io/notify">
    <button type="submit" title="You will have to pay to make your business featured" class="btn btn-primary">Make Business Featured</button>
</form>
```

web.php

```php
Route::post('notify','HomeController@updatedBusiness');
```

Home Controller

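```php
public function updatedBusiness(Request $request)
{
    // Send the 200 status line straight away
    header('HTTP/1.0 200 OK');
    flush();

    // custom_str1 carries the business id that was sent with the payment form
    $business = Business::find($request->get('custom_str1'));
    if ($business === null) {
        return 'business not found'; // find() returns null for an unknown id
    }
    $business->featured_business = 1;
    $business->save();

    return 'success';
}
```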

Any help would be really appreciated.

Naveed Ali
  • I just pasted your form into an HTML file and clicked the button, and it seems to have taken me to the PayFast test merchant with no problems. What does your notify script look like? – delboy1978uk Nov 07 '19 at 16:39
  • As you can see in the home controller, I am calling a function on the /notify URL and I am updating one field of the database there from my controller. I don't know which script you are referring to. – Naveed Ali Nov 07 '19 at 16:42
  • After payment, FastPay sends a POST to http://95d16c17.ngrok.io/notify, at that point Laravel cries about CSRF according to Saly below. Can you disable CSRF on that URL? Or have it in the URL? – delboy1978uk Nov 07 '19 at 16:43
  • Duplicate of [disable csrf in laravel for specific route](https://stackoverflow.com/questions/31729415/disable-csrf-in-laravel-for-specific-route). You just need to add `/notify` to the exception list. – N69S Nov 07 '19 at 16:44
  • Let me disable it and then I'll give it a try. – Naveed Ali Nov 07 '19 at 16:47
  • @delboy1978uk thank you so much, I disabled the CSRF on that URL and it worked. – Naveed Ali Nov 07 '19 at 16:57

1 Answer

It was a CSRF issue, as Laravel applies the VerifyCsrfToken middleware on every route, and when PayFast sends back a POST request to the notify URL, Laravel cries, as @delboy1978uk mentioned in the comment. Disabling it in the VerifyCsrfToken middleware did the trick, as below:

```php
<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
     *
     * @var bool
     */
    protected $addHttpCookie = true;

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        'notify',
    ];
}
```

Naveed Ali
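
Exempting `notify` from CSRF verification leaves the route open to any unauthenticated POST, so the handler needs its own check before it marks a business as featured. The following is an added example, not code from the question, the answer or PayFast: plain PHP that recomputes the notification signature and checks status and amount. Assumptions to confirm against PayFast's ITN documentation: the field names `signature`, `payment_status` and `amount_gross`, the `COMPLETE` status value, the MD5-over-ordered-fields scheme with an appended passphrase, and the placeholder passphrase; the function names are hypothetical.

```php
<?php
// Added example: validate a PayFast ITN POST before acting on it.
// Assumed scheme: signature = md5 of the posted fields in received order,
// URL-encoded and joined with '&', plus '&passphrase=...' when one is set.

function itnSignature(array $fields, ?string $passphrase): string
{
    $pairs = [];
    foreach ($fields as $key => $value) {
        if ($key === 'signature') {
            break; // the signature field comes last and is not hashed
        }
        $pairs[] = $key . '=' . urlencode((string) $value);
    }
    $data = implode('&', $pairs);
    if ($passphrase !== null && $passphrase !== '') {
        $data .= '&passphrase=' . urlencode($passphrase);
    }
    return md5($data);
}

function itnIsTrustworthy(array $fields, ?string $passphrase, string $expectedAmount): bool
{
    foreach (['signature', 'payment_status', 'amount_gross'] as $required) {
        if (!isset($fields[$required]) || !is_string($fields[$required])) {
            return false;
        }
    }
    // Constant-time comparison of the recomputed and the posted signature
    if (!hash_equals(itnSignature($fields, $passphrase), $fields['signature'])) {
        return false;
    }
    if ($fields['payment_status'] !== 'COMPLETE') {
        return false; // only a completed payment may unlock the feature
    }
    // The paid amount must match what the server expected to charge
    return abs((float) $fields['amount_gross'] - (float) $expectedAmount) < 0.01;
}

// Constructed sample data; the passphrase and field values are placeholders.
$passphrase = 'example-passphrase';
$genuine = ['pf_payment_id' => '1000001', 'payment_status' => 'COMPLETE',
            'amount_gross' => '200.00', 'custom_str1' => '42'];
$genuine['signature'] = itnSignature($genuine, $passphrase);
$forged = ['payment_status' => 'COMPLETE', 'amount_gross' => '200.00',
           'custom_str1' => '42', 'signature' => str_repeat('0', 32)];

var_dump(itnIsTrustworthy($genuine, $passphrase, '200.00'));
var_dump(itnIsTrustworthy($forged, $passphrase, '200.00'));
```

Called at the top of `updatedBusiness` with the posted fields, this lets the handler return early, before `Business::find(...)`, whenever the check fails.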