This question was previously asked here but I didn't have 50 reputation points to continue the discussion on that answer itself.
Short version
Essentially, the problem boils down to - I have an external URL that sends POST data to my Django application. I want to access this POST data but Django is giving 403 error (CSRF Token missing).
Detailed version
I am trying to add Hosted Payment Gateway of Razorpay to my Django Project. I have passed the URL to the following function in the callback functionality.
As specified in the previous answer, I tried using the csrf_exempt decorator and adding the https://api.razorpay.com URL as CSRF_TRUSTED_DOMAINS in the settings.py file, but the issue still remains. I am still getting the 403 error from Django when the payment is successful.
    import os

    import razorpay
    from django.views.decorators.csrf import csrf_exempt


    @csrf_exempt
    def course_purchase_callback(request):
        # Fields Razorpay POSTs to the callback URL after payment
        payment_id = request.POST.get("razorpay_payment_id")
        order_id = request.POST.get("razorpay_order_id")
        signature = request.POST.get("razorpay_signature")
        client = razorpay.Client(auth=(os.getenv("RZP_ID"), os.getenv("RZP_SECRET")))
        # Verify that the posted fields were signed with our API secret
        verify = client.utility.verify_payment_signature({
            "razorpay_payment_id": payment_id,
            "razorpay_order_id": order_id,
            "razorpay_signature": signature,
        })
settings.py file
    ..
    ..
    ..
    CSRF_TRUSTED_ORIGINS = ["https://api.razorpay.com"]
    ..
    ..
Versions being used:
What is the thing I am missing here?
Well, this issue was resolved a while back.
The solution was to add the @csrf_exempt tag on the function that was initiating the request to the Razorpay gateway and not the function that would accept the request from the payment gateway.
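Once a view is CSRF-exempt, the signature check in the question's callback is the only thing authenticating the POST. The following is an added example, not code from the original post or from Razorpay's SDK, showing that check in plain Python. It assumes Razorpay's documented scheme (hex HMAC-SHA256 over "order_id|payment_id" keyed with the API secret); the function names and sample values are hypothetical.

```python
import hashlib
import hmac

REQUIRED_FIELDS = ("razorpay_payment_id", "razorpay_order_id", "razorpay_signature")


def expected_signature(order_id: str, payment_id: str, secret: str) -> str:
    """Hex HMAC-SHA256 over "<order_id>|<payment_id>" (assumed scheme, see lead-in)."""
    message = f"{order_id}|{payment_id}".encode()
    return hmac.new(secret.encode(), message, hashlib.sha256).hexdigest()


def verify_callback(post: dict, server_order_id: str, secret: str) -> bool:
    """Return True only if the callback fields are authentic for our own order.

    post            -- the POST fields (request.POST in a Django view)
    server_order_id -- order id stored server-side when the order was created
    """
    # Reject missing or empty fields instead of hashing "None|None".
    values = [post.get(name) for name in REQUIRED_FIELDS]
    if not all(isinstance(v, str) and v for v in values):
        return False
    payment_id, posted_order_id, signature = values

    # The posted order id must match the order we created; otherwise a
    # signature issued for some other order would be accepted here.
    if not hmac.compare_digest(posted_order_id.encode(), server_order_id.encode()):
        return False

    # Constant-time comparison avoids leaking how many characters matched.
    expected = expected_signature(server_order_id, payment_id, secret)
    return hmac.compare_digest(expected.encode(), signature.encode())


# Constructed sample values, not real Razorpay identifiers or keys.
SECRET = "test_secret_constructed"
GOOD_POST = {
    "razorpay_payment_id": "pay_SAMPLE0001",
    "razorpay_order_id": "order_SAMPLE0001",
    "razorpay_signature": expected_signature("order_SAMPLE0001", "pay_SAMPLE0001", SECRET),
}

if __name__ == "__main__":
    print(verify_callback(GOOD_POST, "order_SAMPLE0001", SECRET))  # authentic callback
    tampered = {**GOOD_POST, "razorpay_payment_id": "pay_X"}
    print(verify_callback(tampered, "order_SAMPLE0001", SECRET))   # tampered payment id
```

In a Django view, server_order_id would come from the session or the database row written when the order was created, and a False result should end the request without marking the purchase as paid.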