Menu
I'm implementing a payment method on my application, and the bank site send back a post request with information about the payment, like the status, the payment id ...
But to be sure the request is not from someone trying to do bad stuff, can I accept only request from my bank system? I'm looking for something to check in the request for this action/controller is only from mybank.com and skip others.
887
You can constrain the route:
post 'yourpath', to: 'controller#action', constraints: { protocol: 'https://', host: 'yourbank' }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
