Using Laravel, I have added Affirm and in my affirm.checkout data, I have the user_confirmation_url set to go to a route that specifically processes Affirm orders:

affirm.checkout({
        "merchant": {
            "user_confirmation_url": "http://127.0.0.1:8000/affirm-order",
            ...

When a request is made to that URL, I get a 419 error because there is no CSRF token.

How can I include a csrf token to that url?

I tried adding @csrf to the page, and making the url "user_confirmation_url": "http://127.0.0.1:8000/affirm-order?token={{csrf_token()}}",, but that didn’t work.

>Solution :

If http://127.0.0.1:8000/affirm-order is the url the checkout service must call when it is done, then it has no way of knowing the correct CSRF token. You must add an exception for that particular endpoint in the VerifyCsrfToken Middleware.

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array<int, string>
     */
    protected $except = [
        'affirm-order',
    ];
}