You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I am getting "invalid csrf token" only in Firefox mobile (android device) with session storage configured. Verified _crsf value field is set in the form body.
@petersowa, csrf token is generated by nodejs server(backend), so client should not be a problem, whether it's browser or cli(curl). Check whether the token sent by server and received by server is same, character by character.
Thanks. I believe this is somehow related to my heroku deployment. Since when I test on a local server it appears to work fine on Firefox mobile. Possibly, something with the way sessions and secure cookies are handled in heroku.
Hi, I am getting "invalid csrf token" only in Firefox mobile (android device) with session storage configured. Verified _crsf value field is set in the form body.
2020-06-29T02:49:09.916098+00:00 app[web.1]: _csrf: 'T3j4XGw1-iP7JwuRT1lXlFcRyjdHF_kvVMRo'
(Works fine on Firefox Desktop and Chrome mobile/desktop)
Here is the server error:
The text was updated successfully, but these errors were encountered: