I want to CSRF protection be enabled for all URLs except my bank gateway. I tried so much to do it by regular expression but it doesn't work. My bank gateway URL is: https://sep.shaparak.ir/
I want all subpages like these:
https://sep.shaparak.ir/PaymentError.aspx
https://sep.shaparak.ir/Payment.aspx
https://sep.shaparak.ir/Payments/InitPayment.asmx
https://sep.shaparak.ir/payments/referencepayment.asmx
be excluded.
UPDATE:
The exclusion which we add to config['csrf_exclude_uris'] is name of our site controller/method not the site which submit something to us. In my case i should set "pay/verify" which is the method that verify user payment.
