I am attempting to add Braintree's drop-in UI in node.js. It looks like it should be simple, but I am new to both Braintree and node and having some issues! First, I created a new Braintree gateway, which is being generated correctly. Then I created a server side route that is generating a token from Braintree.
app.route('/client_token').get(function(req, res) {
console.log(gateway);
gateway.clientToken.generate({}, function (err, response) {
res.send({clientToken: response.clientToken});
});
})
Then I created the client side controller, which is accessing the token and allows me to pop up the drop-in ui. This is all working.
(function(){
class CheckoutComponent {
constructor($http) {
this.$http = $http;
}
$onInit() {
this.$http({
method: 'GET',
url: '/client_token'
}).then(function successCallback(response) {
braintree.setup(
response.data.clientToken,
"dropin", {
container: "payment-form"
});
}, function errorCallback(response) {
});
}
}
angular.module('toroApp')
.component('checkout', {
templateUrl: 'app/checkout/checkout.html',
controller: CheckoutComponent
});
})();
This is where I get stuck. The drop-in ui form should then make a post request to '/checkout' and the payment should go through! Here is my code for that, and the drop-in ui html.
Controller
app.route('/checkout').post(function (req, res) {
var transactionErrors;
var amount = 10; // In production you should not take amounts directly from clients
var nonce = req.body.payment_method_nonce;
gateway.transaction.sale({
amount: amount,
paymentMethodNonce: nonce
}, function (err, result) {
if (result.success || result.transaction) {
res.redirect('checkouts/' + result.transaction.id);
} else {
transactionErrors = result.errors.deepErrors();
req.flash('error', {msg: formatErrors(transactionErrors)});
res.redirect('checkouts/new');
}
});
});
HTML
<form id="checkout" method="post" action="/checkout">
<div id="payment-form"></div>
<input type="submit" value="Pay $10">
</form>
<script src="https://js.braintreegateway.com/js/braintree-2.25.0.min.js"></script>
And then everything breaks... Any ideas? I am also new to StackOverflow, so any feedback on the format and content in this question is appreciated.
GET /client_token 200 492.478 ms - -
Error: CSRF token missing
at checkCsrf
POST /checkout 403 23.809 ms - -
The problem was Lusca! If you enabled Lusca in an express config file, you need to disable it in development.