Support » Plugin: GiveWP - Donation Plugin and Fundraising Platform » CSRF problems with Stackpath firewall protection

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    >> We got a license of the plugin by purchasing the Alone theme from https://themeforest.net/item/alone-charity-multipurpose-nonprofit-wordpress-theme/15019939. S <<

    Moderator note: If you’re using the pro version of this plugin, please contact them directly. Because you’re using a commercial theme/plugin, please use their official support channel. We feel they are best equipped to support their products.

    Contact them at https://go.givewp.com/home

    Commercial products are not supported in these forums.

    I’m not sure who exactly can provide support. We got the plugin through the theme vendor and not direct from GiveWP, so I’m not sure we have a pro version license. We can only get support from GiveWP if we have an account there, which we don’t. When I attempt to request support on that site, it states:

    Free Support

    No problem! We answer free support inquiries as quick as possible. Free support is available on WordPress.org. Our team responds to all inquiries there within 24-36 hours, Monday through Friday, 5am – 2pm Pacific time.

    That’s why I came here. What’s the next step?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Forum Moderator & Support Team Volunteer

    If you’re using the free version, then the plugin team here is able to support you. (That’s why I didn’t close the topic; I’m not sure there *is* a pro version. 🙂 )

    Plugin Support Ben Meredith

    (@benmeredithgmailcom)

    Happy to help, here.

    This is one of those situations where it’s fairly easy to get stuck between a bunch of help desks who don’t want to live up to our name and “help.”

    You’ve correctly isolated the problem here, and it’s that StackPath has added an additional layer in between your site (where GiveWP is coreeclty sending the calls to PayPal’s API) and PayPal where those API calls are being received.

    PayPal wants to make sure that the calls originated from the same place, and StackPath being in the mix is causing issues.

    If it worked before stackpath, then we know that GiveWP is not the issue here. As far as who can actually help, that’s likely going to be stackpath themselves.

    The CSRF error from PayPal stands for Cross Site Request Forgery, and that means that a different site from the originating one is attempting to “forge” the signature of the original site. Since that’s a way that bad actors could create bots to steal money, it’s something that PayPal looks for.

    But it’s also got to be something that StackPath takes into account, and has workarounds for.

    There’s nothing we can do from the GiveWP side, but if the StackPath folks find a something we can do to play more nicely with their security solution, we’re happy to take a look.

    • This reply was modified 2 weeks, 2 days ago by Ben Meredith. Reason: typo
Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.