From 85eba5cf01985c25e3dd647d8044dc9f66a9c49a Mon Sep 17 00:00:00 2001
From: Aleksandar Mihajlovski
Date: Tue, 3 Dec 2024 13:52:31 +0100
Subject: [PATCH] include csrf token on get payment methods (#1217)
* chore: include csrf
* chore: validate instead of generating new one
---
 .../cartridge/client/default/js/commons/index.js | 3 +++
 src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js
index 04564bf7b..8f32eded5 100644
--- a/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js
+++ b/src/cartridges/app_adyen_SFRA/cartridge/client/default/js/commons/index.js
@@ -33,6 +33,9 @@ module.exports.getPaymentMethods = async function getPaymentMethods() {
 return $.ajax({
 url: window.getPaymentMethodsURL,
 type: 'post',
+ data: {
+ csrf_token: $('#adyen-token').val(),
+ },
 });
 };
diff --git a/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js b/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
index 301897cb3..6b8dec400 100644
--- a/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
+++ b/src/cartridges/int_adyen_SFRA/cartridge/controllers/Adyen.js
@@ -105,7 +105,7 @@ server.post(
 server.post(
 'GetPaymentMethods',
 server.middleware.https,
- csrf.generateToken,
+ csrf.validateRequest,
 adyen.getCheckoutPaymentMethods,
 );
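Review bot: In commons/index.js the token is read with `$('#adyen-token').val()` and sent without checking that the element exists, so any page that calls getPaymentMethods without rendering `#adyen-token` will post an empty `csrf_token` and be rejected by the validation this commit adds in Adyen.js. Reading it into a local and rejecting early would make that failure explicit, e.g. `const csrfToken = $('#adyen-token').val();` then `if (!csrfToken) throw new Error('Missing CSRF token');`. It is also worth confirming that every template loading this script renders the element. The field name `csrf_token` is hard-coded here; if the storefront's token name can differ, it should be taken from the page instead of a literal. The function's signature appears only on the hunk header line, so its start is outside the hunk.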
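Review bot: In Adyen.js the `GetPaymentMethods` route is called through `$.ajax`, yet the new guard is `csrf.validateRequest`, which in SFRA's csrf middleware is, as far as I can tell, the page-request variant that responds to a failed check with a redirect to an HTML failure page. If the route is only reached by XHR, `csrf.validateAjaxRequest,` looks like the better fit, assuming the middleware version this cartridge ships with exports it. With `csrf.generateToken` removed, this route no longer issues a token, so it relies on whichever route renders the page to do so. A comment such as `// token is issued by the page route that renders #adyen-token` above the middleware list would record that dependency.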