Requires Craft 2.5+, running php 5.5.9+
charge/webhook controller is accessed via Stripe callbacks, and is the primary way Charge get's information from the Stripe api about asynchronous events.
CSRF Enabled If you've got CSRF enabled on your Craft install, you'll need to make a special exception for this endpoint. We can't do this directly for you because CSRF checks run before any of the craft code runs.
To bypass CSRF protections for the web hook endpoint you'll need to make an adjustment to your
In your general config, where you're currently enabling csrf protection like :
return array( 'enableCsrfProtection' => true );
You'll need to modify this to be :
return array( 'enableCsrfProtection' => (!isset($_REQUEST['PATH_INFO']) || $_REQUEST['PATH_INFO'] != '/actions/charge/webhook/callback'), );