Posts posted by Jonathon
-
-
Yeah, I did see that, and I realised how I overcame this in testing. I turned the CSRF off - Ha! I have seen the code you talk of and will get on that.
Thanks
Jonathon
-
Well I keep getting 400 errors in my Stripe response back and in the application log:
[error] [exception.CHttpException.400] exception 'CHttpException' with message 'The CSRF token could not be verified.
I feel like I'd sorted this the other day and it was because I was only accessing my site from my own IP address. I will get back to you if it doesn't resolve itself.
Thanks
Jonathon
-
I enabled it in the config, yes. I don't think they can, no. But you have to pass the CSRF token as data into the controller also.
-
Hi Larry,
When working with webhooks, how do you get past the CSRF token not being able to be verified?
-
I would recommend you don't have 3 user tables. I've made this mistake before.
See Thomas's (Antonio) post here:
http://www.larryullman.com/forums/index.php?/topic/2577-registration-with-2-models/
-
Thanks Larry
-
Hi Larry,
Just wondered if I could get your thoughts on the best way to offer a user to update a credit card with Stripe. I plan to let Stripe handle everything really. So I never touch or handle any credit card information. I'm going to be using subscriptions. Which is great using checkout, I let Checkout take the information, Stripe creates the customer and assigns them to my plan and bills them each interval.
But how then would you suggest is the most user friendly way to allow someone to edit card details?
Also, out of interest, what webhooks do you look for with your site, or do you just send the whole webhook regardless of what it is to yourself?
Jonathon
-
Thanks Larry
-
No problem. Once you come to a decision, could you just reply to this thread, as if you aren't going to do one I'll look into doing it myself. I did have a bash with Lucene, but Zend is at v2 now and most of the articles on integration with Lucene are for v1.
Thanks
Jonathon
-
Hi Larry,
Is your plan still to incorporate Elastic Search into Yii in one of the chapters? I know you were leaning to this some time ago.
PS - Integrated Stripe, it was fairly painless. Seems to be working ok. Thanks for your series and segment in the book on it.
Jonathon
-
I stuck with V2 as I used YiiBooster. But I prefer V3 in Yii2. I actually like the buttons and copied the CSS across from V3 to my project in V2.
-
Yes, it's all on the same domain (a localhost folder). That does make sense, I'll have a look and see what I find.
Thanks
-
Ok thanks Larry.
I believe I have suitable protection through role RBAC, even though the primary key is visible. Perhaps I may rethink how the URL is displayed or use .htaccess to stop it being visible. I just look at other websites like Stack Overflow and I note in people's user pages there appears to be {id number}-{nickname}.
Thanks Larry
-
Thanks Larry,
I actually created a custom form with your guide and got it to work. But Checkout was just too pretty to not use. So I've implemented that in its place now.
Thanks
Jonathon
-
Good question, I had a similar question on here but in terms of it being through Yii.
A follow up question on a slight tangent, Larry, when you say:
Yes. I'd also add: never store a database primary key value in a cookie.
I would therefore take it that you wouldn't advocate using a url parameter in Yii such as
user/profile/1 - with 1 being the user's primary key?
Or do you say that because the cookie can be altered?
-
Hi Larry
If you want to offer 3 paid subscription plans on a site, say basic, standard, advanced. A user chooses one of these and pays every interval, say a month.
Can you use Checkout to accept the payment and then attach the customer to a plan?
If not, would I have to create a form, accept the payment, and subscribe the customer to the plan?
Thanks
Jonathon
-
Ok thanks Larry. I might look at going down this route. I know that it used to have a fairly large performance hindrance. But now, I see many sites using it exclusively. I'm guessing that you wouldn't have any idea off the top of your head as to why I am losing my urlReferrer and Flash messages when an HTTPS page redirects to an HTTP one. I can work around this either way so it's no trouble. But out of interest.
-
I was thinking about this, maybe I should just go for all SSL pages. My flash messages worked fine before I put a couple of HTTPS pages in. I'm also having the issue with urlReferrer from HTTPS to HTTP, in that it returns NULL if accessed from an HTTPS page. I have had a look about to see why I might be losing the data from urlReferrer or the flash messages. But I couldn't work it out.
-
Hi Larry,
I have some pages that are served over HTTPS. Would I need to alter my config settings for sessions at all, would you think?
I thought of doing this, but I wasn't actually sure:
    // Yii session component: only send the session cookie over HTTPS
    'session' => array(
        'cookieParams' => array(
            'secure' => true,
        ),
    ),
On a related note, I saw this post http://stackoverflow.com/questions/441496/session-lost-when-switching-from-http-to-https-in-php and I believe that it might be the reason some of my flash messages don't work when I'm switching between HTTPS and HTTP pages. What would you advise in order to stop this? Do I need to set the sessionName explicitly in the config file?
Jonathon
-
You too Edward!
-
More so the second one.
-
Virtual products
-
Thanks, you too
-
mid 20s I think
Stripe Webhooks With Csrf
in The Yii Book
Posted
Hi Larry,
When you say you can't use it, really, what do you mean? I know that when I turned it on a lot of my ajax requests failed; this led me to using things like:
and sending it along with the CHtml::ajax data parameter.