Getting Invalid Form Key. Please refresh the page error not able to do any action after upgrade of Magento 2.2.5 to Magento 2.3.
6
- Check this out simicart.com/blog/magento-2-invalid-form-keyPrathap Gunasekaran– Prathap Gunasekaran2019-02-13 08:15:08 +00:00Commented Feb 13, 2019 at 8:15
- Are you on local server ? like xampp ?anonymous– anonymous2019-02-13 08:19:36 +00:00Commented Feb 13, 2019 at 8:19
- Yes, im using xampp for localBangaram sandhya– Bangaram sandhya2019-02-13 08:21:14 +00:00Commented Feb 13, 2019 at 8:21
- 2What's your base Url ? If its localhost/your-project-name than you can give a try to replace localhost with 127.0.0.1 Run setup:upgrade It should solve your issue.anonymous– anonymous2019-02-13 08:28:12 +00:00Commented Feb 13, 2019 at 8:28
- i don't think so its a server issue, because till now i'm using magento 2.2.5 there is no issues when i upgraded to 2.3 then only this issue came.Bangaram sandhya– Bangaram sandhya2019-02-13 09:49:15 +00:00Commented Feb 13, 2019 at 9:49
| Show 1 more comment
2 Answers
Finally I got the solution
I have a custom payment method that uses the cc-form to take credit card payments with and without 3dsecure. After placing order with 3dsecure, I am re-directing to 3dsecure page as normal, but on returning from 3dsecure, I am re-directed to the home page with "Invalid Form Key. Please refresh the page why because in Magento 2.3 core payment methods are using CsrfAwareActionInterface for each controller."
So now i have implemented same thing in my custom payment method as below
use Magento\Framework\App\CsrfAwareActionInterface; use Magento\Framework\App\Request\InvalidRequestException; use Magento\Framework\App\RequestInterface; class CustomPaymentResponse extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface /** * @inheritDoc */ public function createCsrfValidationException( RequestInterface $request ): ?InvalidRequestException { return null; } /** * @inheritDoc */ public function validateForCsrf(RequestInterface $request): ?bool { return true; } Note : you can get reference from core module. Here is the core file path vendor\magento\module-authorizenet\Controller\Directpost\Payment\BackendResponse.php.
- I have tried this but this is not working with me . I used a custom payment method (paytab) and the call back url from the payment method is giving me a 302 found and redirects to home page with the same message.Melvin– Melvin2019-04-24 07:35:27 +00:00Commented Apr 24, 2019 at 7:35
- Thanks @bangaram you have saved our time.Nagaraju Kasa– Nagaraju Kasa2019-10-25 16:45:44 +00:00Commented Oct 25, 2019 at 16:45
- 3validateForCsrf is there for security reasons! you must not always return true!Philipp Sander– Philipp Sander2019-11-05 13:21:10 +00:00Commented Nov 5, 2019 at 13:21
- Its works! Thanks for your post!mapaladiya– mapaladiya2020-10-14 08:18:44 +00:00Commented Oct 14, 2020 at 8:18
use Magento\Framework\App\CsrfAwareActionInterface; use Magento\Framework\App\Request\InvalidRequestException; use Magento\Framework\App\RequestInterface; class CustomPaymentResponse extends \Magento\Framework\App\Action\Action implements CsrfAwareActionInterface /** * @inheritDoc */ public function createCsrfValidationException( RequestInterface $request ): ?InvalidRequestException { return null; } /** * @inheritDoc */ public function validateForCsrf(RequestInterface $request): ?bool { return true; } /** * Dispatch request * * @return \Magento\Framework\Controller\ResultInterface|ResponseInterface * @throws \Magento\Framework\Exception\NotFoundException */ public function execute() { //your response check } Your response controller should be like this, then only form key issue will fix.
Referrence: https://github.com/magento/magento2/issues/19712
