fix: missing csrf token for stripe

marcel-bitfly · marcel-bitfly · commit af719ed0379b · 2025-06-02T19:06:54.000+02:00
Stripe integration uses `v1 api`, where `csrf token` is needed. We are not using `csrfStore` since this will be removed soon. See: https://github.com/gobitfly/eth2-beaconchain-explorer/blob/2f960a87aaa8443e6a537203b7ba78f27530286c/templates/payment/pricing.html#L38 See: https://bitfly1.atlassian.net/browse/BEDS-1539
diff --git a/frontend/composables/useStripeProvider.ts b/frontend/composables/useStripeProvider.ts
@@ -25,11 +25,19 @@ export function useStripeProvider() {
     )
   })
 
+  const { apiClient } = useRuntimeConfig().public
+  const csrfToken = ref()
   const stripeInit = async (stripePulicKey: string) => {
     if (stripePulicKey === '') {
       return
     }
-
+    await $fetch(`${apiClient}/pricing`, {
+      onResponse({
+        response,
+      }) {
+        csrfToken.value = response.headers.get('x-csrf-token') ?? ''
+      },
+    })
     stripe.value = await loadStripe(stripePulicKey)
   }
 
@@ -45,6 +53,9 @@ export function useStripeProvider() {
       {
         baseURL: stripeBaseUrl,
         body: JSON.stringify({ returnURL: window.location.href }),
+        headers: {
+          'x-csrf-token': csrfToken.value,
+        },
       },
     )
 
@@ -69,6 +80,9 @@ export function useStripeProvider() {
           priceId,
           promotionCode: promoCode,
         }),
+        headers: {
+          'x-csrf-token': csrfToken.value,
+        },
       },
     )
 
