Magento 2 请求方法：POST 状态码：302

Question

We have a Magento 2 site (PHP 7.2.30, Apache/2.4.43) and we are using a payment gateway that uses redirect integration. When customer chooses to pay with them, they are taken off site to the payment provider page where they enter their credit card details and after making payment, payment provider sends the customer back to below url using POST method

https://mymagentosite.com/checkout/cart/

However, Magento is then 302 redirecting the user to the home page

We have tested and we can go to the above url directly but when we try to POST any data to this url, it just redirects to home page.

We have tried the same scenario with different Magento installs (all version 2). For some sites, it is working but for some it is not working.

Any thoughts? Below is what we can see in Network tab.

Request URL: https://mymagentosite.com/checkout/cart/
Request Method: POST
Status Code: 302 
Remote Address: xx.xx.xx.xxx:443
Referrer Policy: no-referrer-when-downgrade
access-control-allow-headers: authorization, origin, user-token, x-requested-with, content-type
access-control-allow-methods: PUT, GET, POST, DELETE, OPTIONS
access-control-allow-origin: *
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 09 Jul 2020 11:35:55 GMT
expires: Tue, 09 Jul 2019 11:35:56 GMT
gd-server: Agrii
location: https://mymagentosite.com/
pragma: no-cache
server: Apache
set-cookie: PHPSESSID=tl3jrdf4s7sphmtf7k35ntp72a; expires=Thu, 09-Jul-2020 12:35:55 GMT; Max-Age=3600; path=/; domain=mymagentosite.com; secure; HttpOnly;HttpOnly;Secure
set-cookie: private_content_version=d0bc931457425e0d377365db2431379d; expires=Sun, 07-Jul-2030 11:35:55 GMT; Max-Age=315360000; path=/; secure;HttpOnly;Secure
set-cookie: form_key=dT1VSLBY33VECrPW; expires=Thu, 09-Jul-2020 12:35:55 GMT; Max-Age=3600; path=/; domain=mymagentosite.com;HttpOnly;Secure
set-cookie: mage-messages=%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Your+session+has+expired%22%7D%2C%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid+Form+Key.+Please+refresh+the+page.%22%7D%2C%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid+Form+Key.+Please+refresh+the+page.%22%7D%2C%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid+Form+Key.+Please+refresh+the+page.%22%7D%5D; expires=Fri, 09-Jul-2021 11:35:56 GMT; Max-Age=31536000; path=/;HttpOnly;Secure
status: 302
strict-transport-security: max-age=63072000; includeSubdomains;
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-magento-cache-control: max-age=0, must-revalidate, no-cache, no-store
x-magento-cache-debug: MISS
x-magento-tags: FPC
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
:authority: mymagentosite.com
:method: POST
:path: /checkout/cart/
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,nb;q=0.8,ru;q=0.7,ga;q=0.6,ur;q=0.5
cache-control: max-age=0
content-length: 10
content-type: application/x-www-form-urlencoded
cookie: _hjid=715b5b02-19d1-4533-85c6-a1c2ee399ff4; _ga=GA1.2.288380805.1594293232; _gid=GA1.2.620314515.1594293232; PHPSESSID=tl3jrdf4s7sphmtf7k35ntp72a; mage-translation-storage=%7B%7D; mage-translation-file-version=%7B%7D; mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7D; mage-cache-sessid=true; form_key=dT1VSLBY33VECrPW; recently_viewed_product=%7B%7D; recently_viewed_product_previous=%7B%7D; recently_compared_product=%7B%7D; recently_compared_product_previous=%7B%7D; product_data_storage=%7B%7D; searchReport-log=0; _hjIncludedInSample=1; __atuvc=2%7C28; __atuvs=5f06fe24d397c3d2001; private_content_version=3aac0f243eb3546882ab3d080549c5a7; mage-messages=%5B%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Your+session+has+expired%22%7D%2C%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid+Form+Key.+Please+refresh+the+page.%22%7D%2C%7B%22type%22%3A%22error%22%2C%22text%22%3A%22Invalid+Form+Key.+Please+refresh+the+page.%22%7D%5D; _gat_gtag_UA_20854971_28=1; _gat=1; section_data_ids=%7B%22cart%22%3A1594294549%2C%22messages%22%3A1594293807%7D
dnt: 1
origin: https://paymentprovider.com
referer: https://paymentprovider.com/postback.php
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: cross-site
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

Answer 1

This maybe happening because your controller does not support the POST request. You need to implement the CsrfAwareActionInterface and implement two methods named createCsrfValidationException and validateForCsrf.

For more details. Please refer to this link:

https://bestafiko.medium.com/magento-2-how-to-enable-post-request-on-controller-without-x-requested-with-xmlhttprequest-3a66e282ddf