Disable CSRF on a specific page Kentico 12

Jay Crowe asked on June 25, 2020 13:47

Hi,

We have upgraded out site to Kentico 12 from 10, and previously we were able to set this.Page.Items["CsrfProtectionDisabledOnPage"] = true; to disable CSRF on specific pages.

This now no longer works on Kentico 12 and I was wondering if anyone could help please?

We have an iframe that populated the page and SagePay calls back to this page to then update the order as paid.

Cheers, Jay

Recent Answers

David te Kloese answered on June 26, 2020 11:33

Hi,

Check this article: devnet.kentico.com/.../payment-gateways-and-csrf-protection

Update (16.1.2018)! This workaround is no longer available in Kentico 11 and higher and API checking for this item was removed. Workaround was added due to issues with protection and payment gateways only and they have been rewritten during v11 e-commerce rebuild.

The recommended approach is to create a handler that processes the request outside of the rendered (aspx) page itself.

1 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.