Add csrf_exempt to SumUp webhook endpoint

SumUp POSTs to /checkout/webhook/ externally with no session,
causing CSRF rejection. Mark endpoint as exempt.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
giles
2026-02-21 21:13:00 +00:00
parent e86c4a0cc8
commit 058f0a1d8a


@@ -31,6 +31,7 @@ from .services.checkout import (
get_order_with_details,
)
from shared.browser.app.payments.sumup import create_checkout as sumup_create_checkout
from shared.browser.app.csrf import csrf_exempt
def register(url_prefix: str) -> Blueprint:
@@ -205,6 +206,7 @@ def register(url_prefix: str) -> Blueprint:
return redirect(hosted_url)
@csrf_exempt
@bp.post("/checkout/webhook/<int:order_id>/")
async def checkout_webhook(order_id: int):
"""Webhook endpoint for SumUp CHECKOUT_STATUS_CHANGED events."""
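Review bot: With the CSRF check removed, `checkout_webhook` can be called by any unauthenticated client that supplies an `order_id`, so the handler itself has to establish that the event is genuine. Its body lies outside this hunk, so please confirm it re-fetches the checkout status from SumUp using server-side credentials rather than acting on the posted payload. I would record that above the decorator, e.g. `# CSRF-exempt: server-to-server call from SumUp, no session; never trust the body, re-fetch checkout status before updating the order`. Separately, `@csrf_exempt` sits above `@bp.post(...)`, so the route is registered before the exemption is applied. That only works if `csrf_exempt` marks the function in place and returns the same object, which is not visible here; if it returns a wrapper, swap the two so `@bp.post("/checkout/webhook/<int:order_id>/")` comes first and `@csrf_exempt` sits directly above `async def`.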