Fetching CSRF from headers requires update #94
Comments
My friend, @shivam221098, it's Double Submit Cookie Pattern. You need to repeat your Example:
Thanks for the info @Ramazan2002. Is that If yes, can you share the sample function which you have implemented? That would be a help 🙏
@shivam221098
@shivam221098 Please, close issue if it helped you
In this line,

fastapi-jwt-auth/fastapi_jwt_auth/auth_jwt.py
Line 549 in a6c0619

the code is trying to get `CSRF_TOKEN` from the headers and treating `response.headers` as a `dict` object which is true. But the headers don't contain the default `"X-CSRF-Token"`. It contains the key-value pair with `cookies` as key and all cookie info as a string separated by `;`.

So whenever someone tries to get CSRF token the code is unable to find the key `"X-CSRF-Token"` in the headers but now it's inside key `cookies`, which needs to be parsed for extracting `CSRF_TOKEN`.

That's why whenever someone uses `csrf_protect` as `True`, they get a `Missing CSRF Token` error every time.

I can see the code is not updated for the last 2 years. That might be the reason that it is not in compliance with the browser's headers.
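The double submit cookie pattern named in the comments, as an added example that is not part of the original thread or the project's code: the client reads the CSRF cookie and repeats its value in the `X-CSRF-Token` header, and the server rejects a request whose header is absent or different. The cookie names, function names and the mismatch message are assumptions made for this sketch; it uses only the standard library.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

CSRF_HEADER = "X-CSRF-Token"        # header name quoted in the issue
CSRF_COOKIE = "csrf_access_token"   # assumed cookie name, not taken from the page


def login_response(session_id):
    """Server: return the Cookie string a browser would replay, plus the
    CSRF value the server binds to the session (e.g. a claim in the token)."""
    csrf = secrets.token_urlsafe(32)
    return f"session={session_id}; {CSRF_COOKIE}={csrf}", csrf


def client_headers(cookie_string):
    """Client: read the CSRF cookie and repeat it in a request header.
    The browser attaches cookies by itself; only same-origin script can
    read the cookie value, which a cross-site form cannot do."""
    jar = SimpleCookie()
    jar.load(cookie_string)
    headers = {"Cookie": cookie_string}
    if CSRF_COOKIE in jar:
        headers[CSRF_HEADER] = jar[CSRF_COOKIE].value
    return headers


def verify_csrf(headers, expected_csrf):
    """Server: accept a state-changing request only when the header
    repeats the value bound to the session."""
    sent = headers.get(CSRF_HEADER)
    if sent is None:
        return "Missing CSRF Token"      # the error reported in the issue
    if not hmac.compare_digest(sent.encode(), expected_csrf.encode()):
        return "CSRF token mismatch"     # constructed message for this sketch
    return "ok"


if __name__ == "__main__":
    cookies, csrf = login_response("constructed-session-id")
    print(verify_csrf(client_headers(cookies), csrf))   # header repeated
    print(verify_csrf({"Cookie": cookies}, csrf))       # cookie only
```

A request that carries only the cookie fails the check by design, which matches the `Missing CSRF Token` behaviour described in the issue.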