Laravel 条纹结帐:419(未知状态)
Laravel Stripe checkout: 419 (unknown status)
我正在尝试使用 Stripe 上托管的支付页面来使用 Stripe 结账。 Stripe 文档适用于纯 PHP。但是对于 Laravel,它不会重定向到 Stripe 支付页面。在控制台中,它显示 POST http://127.0.0.1:8000/stripe 419 (unknown status) 和 Error: SyntaxError: Unexpected token < in JSON at position 0。根据一些帖子,我在 VerifyCsrfToken 中间件中添加了 https://checkout.stripe.com/。
结帐页面:
<head>
...
<script src="https://polyfill.io/v3/polyfill.min.js?version=3.52.1&features=fetch"></script>
<script src="https://js.stripe.com/v3/"></script>
</head>
<body>
<button type="button" id="checkout-button">Checkout</button>
<script type="text/javascript">
var stripe = Stripe("{{ env('STRIPE_KEY') }}");;
var checkoutButton = document.getElementById("checkout-button");
checkoutButton.addEventListener("click", function () {
fetch("{{ route('stripe-store') }}", {
method: "POST",
})
.then(function (response) {
return response.json();
})
.then(function (session) {
return stripe.redirectToCheckout({ sessionId: session.id });
})
.then(function (result) {
if (result.error) {
alert(result.error.message);
}
})
.catch(function (error) {
console.error("Error:", error);
});
});
</script>
在控制器中:
public function store(Request $request)
{
Stripe::setApiKey(env('STRIPE_SECRET'));
header('Content-Type: application/json');
$checkout_session = Session::create([
'payment_method_types' => ['card'],
'line_items' => [[
'price_data' => [
'currency' => 'usd',
'unit_amount' => 2000,
'product_data' => [
'name' => 'Stubborn Attachments',
],
],
'quantity' => 1,
]],
'mode' => 'payment',
'success_url' => route('welcome'),
'cancel_url' => route('welcome'),
]);
echo json_encode(['id' => $checkout_session->id], JSON_THROW_ON_ERROR);
}
控制器方法的路由是Route::post('stripe', [StripeController::class, 'store'])->name('stripe-store');
请帮忙。
在VerifyCsrfToken中添加你的路由url。这将排除验证csrf令牌。你可以在App\Http\Middleware路径文件夹
中找到这个中间件
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'stripe',
];
}
正如官方文档所述
Sometimes you may wish to exclude a set of URIs from CSRF protection.
For example, if you are using Stripe to process payments and are
utilizing their webhook system, you will need to exclude your Stripe
webhook handler route from CSRF protection since Stripe will not know
what CSRF token to send to your routes. Typically, you should place
these kinds of routes outside of the web middleware group that the
App\Providers\RouteServiceProvider applies to all routes in the
routes/web.php file. However, you may also exclude the routes by
adding their URIs to the $except property of the VerifyCsrfToken
middleware:
参考:https://laravel.com/docs/8.x/csrf#preventing-csrf-requests
我正在尝试使用 Stripe 上托管的支付页面来使用 Stripe 结账。 Stripe 文档适用于纯 PHP。但是对于 Laravel,它不会重定向到 Stripe 支付页面。在控制台中,它显示 POST http://127.0.0.1:8000/stripe 419 (unknown status) 和 Error: SyntaxError: Unexpected token < in JSON at position 0。根据一些帖子,我在 VerifyCsrfToken 中间件中添加了 https://checkout.stripe.com/。
结帐页面:
<head>
...
<script src="https://polyfill.io/v3/polyfill.min.js?version=3.52.1&features=fetch"></script>
<script src="https://js.stripe.com/v3/"></script>
</head>
<body>
<button type="button" id="checkout-button">Checkout</button>
<script type="text/javascript">
var stripe = Stripe("{{ env('STRIPE_KEY') }}");;
var checkoutButton = document.getElementById("checkout-button");
checkoutButton.addEventListener("click", function () {
fetch("{{ route('stripe-store') }}", {
method: "POST",
})
.then(function (response) {
return response.json();
})
.then(function (session) {
return stripe.redirectToCheckout({ sessionId: session.id });
})
.then(function (result) {
if (result.error) {
alert(result.error.message);
}
})
.catch(function (error) {
console.error("Error:", error);
});
});
</script>
在控制器中:
public function store(Request $request)
{
Stripe::setApiKey(env('STRIPE_SECRET'));
header('Content-Type: application/json');
$checkout_session = Session::create([
'payment_method_types' => ['card'],
'line_items' => [[
'price_data' => [
'currency' => 'usd',
'unit_amount' => 2000,
'product_data' => [
'name' => 'Stubborn Attachments',
],
],
'quantity' => 1,
]],
'mode' => 'payment',
'success_url' => route('welcome'),
'cancel_url' => route('welcome'),
]);
echo json_encode(['id' => $checkout_session->id], JSON_THROW_ON_ERROR);
}
控制器方法的路由是Route::post('stripe', [StripeController::class, 'store'])->name('stripe-store');
请帮忙。
在VerifyCsrfToken中添加你的路由url。这将排除验证csrf令牌。你可以在App\Http\Middleware路径文件夹
<?php
namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'stripe',
];
}
正如官方文档所述
Sometimes you may wish to exclude a set of URIs from CSRF protection. For example, if you are using Stripe to process payments and are utilizing their webhook system, you will need to exclude your Stripe webhook handler route from CSRF protection since Stripe will not know what CSRF token to send to your routes. Typically, you should place these kinds of routes outside of the web middleware group that the App\Providers\RouteServiceProvider applies to all routes in the routes/web.php file. However, you may also exclude the routes by adding their URIs to the $except property of the VerifyCsrfToken middleware:
参考:https://laravel.com/docs/8.x/csrf#preventing-csrf-requests