Broadleaf Commerce Discussion Forums

Hi All,

I followed the document to set up Autherize.net , i am getting the following error on my console when Autherize.net calls back my relay URL (POST Method) even though i have excluded this URL from CsrfFilter as suggested in the document.

[url]docs.broadleafcommerce.org/current/Authorize.net-Quick-Start.html[/url]

[artifact:mvn] org.broadleafcommerce.common.exception.ServiceException: XSRF token mismatch (null). Session may be expired.
[artifact:mvn] at org.broadleafcommerce.common.security.service.ExploitProtectionServiceImpl.compareToken(ExploitProtectionServiceImpl.java:107)

Second thing is , at the same time i am getting the below message in the browser

"An error occurred while trying to report this transaction to the merchant. An e-mail has been sent to the merchant informing them of the error. The following is the result of the attempt to charge your credit card.

This transaction has been approved.

It is advisable for you to contact the merchant to verify that you will receive the product or service."

Please help anyone,
Thanks,

Set a breakpoint in CsrfFilter.java. What is in the excludedRequestPatterns property? Compare what is in this list to what you have defined in your properties file for authorizenet.relay.response.url.

Hi Phillip,
Thanks for your quick reply. As you suggested i debugged the csrfFilter.java and solved my problem. I have successfully integrated Autherize.net test account in my site.

Note:
I made one change to make it happen.
<bean id="blCsrfFilter" class="org.broadleafcommerce.common.security.handler.CsrfFilter">
<property name="excludedRequestPatterns">
<list>
<value>${authorizenet.relay.response.url}</value>
</list>
</property>
</bean>

Instead of ${authorizenet.relay.response.url} i directly hardcoded value as /checkout/process

Thanks,
Vel