firefox mobile invalid csrf #16

Closed
petersowa opened this issue Jun 29, 2020 · 2 comments

@petersowa

Hi, I am getting "invalid csrf token" only in Firefox mobile (Android device) with session storage configured. Verified the _csrf field value is set in the form body.

2020-06-29T02:49:09.916098+00:00 app[web.1]: _csrf: 'T3j4XGw1-iP7JwuRT1lXlFcRyjdHF_kvVMRo'

(Works fine on Firefox Desktop and Chrome mobile/desktop)

Here is the server error:

{
2020-06-29T02:49:09.917542+00:00 app[web.1]: ServerError: Error: invalid csrf token
2020-06-29T02:49:09.917544+00:00 app[web.1]: at Object.handleCsrf (/app/node_modules/fastify-csrf/lib/fastifyCsrf.js:36:10)
2020-06-29T02:49:09.917544+00:00 app[web.1]: }
@Tarang11
Member

@petersowa, the CSRF token is generated by the Node.js server (backend), so the client should not be a problem, whether it's a browser or a CLI (curl). Check whether the token sent by the server and the token received by the server are the same, character by character.

@petersowa
Author

Thanks. I believe this is somehow related to my Heroku deployment, since when I test on a local server it appears to work fine on Firefox mobile. Possibly something with the way sessions and secure cookies are handled in Heroku.

@Tarang11 Tarang11 closed this as completed Jul 1, 2020
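
An added example, not part of the original thread or of fastify-csrf: one way to carry out the character-by-character comparison suggested in the maintainer's reply, in Node.js. `diffTokens`, `safeDecode`, the verdict labels and the sample tokens are hypothetical names and constructed values.

```javascript
// Added diagnostic: compare the token the server issued with the one it received.
// diffTokens and its verdict labels are hypothetical names, not fastify-csrf API.
function diffTokens(issued, received) {
  if (typeof issued !== 'string' || typeof received !== 'string') {
    return { verdict: 'missing', index: -1 };
  }
  if (issued === received) return { verdict: 'identical', index: -1 };

  // First position at which the two strings disagree.
  const limit = Math.min(issued.length, received.length);
  let index = 0;
  while (index < limit && issued[index] === received[index]) index++;

  // Classify the usual ways a form field gets altered between browser and server.
  let verdict = 'different';
  if (received.trim() === issued) {
    verdict = 'whitespace-padded';
  } else if (safeDecode(received) === issued) {
    verdict = 'percent-encoded';
  } else if (index === received.length) {
    verdict = 'truncated';
  }
  return {
    verdict,
    index,
    // Character codes make invisible differences (newline, NBSP) visible in logs.
    issuedChar: index < issued.length ? issued.charCodeAt(index) : null,
    receivedChar: index < received.length ? received.charCodeAt(index) : null,
  };
}

// decodeURIComponent throws on malformed escapes; fall back to the raw value.
function safeDecode(value) {
  try { return decodeURIComponent(value); } catch { return value; }
}

// Constructed sample values, not tokens from a real session.
const issued = 'AbCd1234-xY_z9QwErTy';
console.log(diffTokens(issued, issued));
console.log(diffTokens(issued, issued + '\n'));
console.log(diffTokens(issued, 'AbCd1234%2DxY_z9QwErTy'));
console.log(diffTokens(issued, issued.slice(0, 12)));
console.log(diffTokens(issued, 'ZZZZ0000-aaaaaaaaaaa'));
```

A `different` verdict at index 0 means the received value is an unrelated token rather than a mangled copy of the issued one.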