Error: CSRF token missing 🐛 #492
Comments
@vaibssingh - heads up on the above
@vaibssingh - reopening this. Are we able to take a look at this issue on the Thanks for your time today ❤️
Reference: nextauthjs/next-auth#88
This blog has been the most useful in getting CSRF setup, I am getting ever closer:
@vaibssingh @maoo - I discovered the fix 💪 At the app configuration level, app.use(session({ ... }));

```js
const express = require('express');
const session = require('express-session');
const lusca = require('lusca');

const app = express();

// Session middleware must be registered before lusca: lusca's CSRF check keeps its state on req.session.
app.use(session({ /* ... */ }));

app.use(
  lusca({
    csrf: {
      cookie: { name: '_csrf' },
      secret: 'qwerty', // will be configurable via proxy.config.json
    },
    hsts: { maxAge: 31536000, includeSubDomains: true, preload: true },
    nosniff: true,
    referrerPolicy: 'same-origin',
    xframe: 'SAMEORIGIN',
    xssProtection: true,
  }),
);
```

At each authorised invocation of the API, for example login and logout, the CSRF token stored as a cookie on the client should be retrieved and sent back to the server via the

```js
import axios from 'axios';

// Read a cookie by name from document.cookie (the _csrf cookie is readable by script, so this works in the browser).
function getCookie(name) {
  const match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));
  return match ? decodeURIComponent(match[1]) : undefined;
}

const csrfToken = getCookie('_csrf'); // get CSRF token from Cookies

// loginUrl, username and password come from the login form / app config
axios
  .post(
    loginUrl,
    {
      username: username,
      password: password,
    },
    {
      withCredentials: true,
      headers: {
        'Content-Type': 'application/json',
        'X-CSRF-TOKEN': csrfToken, // enforces CSRF protection
      },
    },
  );
```
Describe the bug
When logging in via the UI, the following error is received:

To Reproduce
- `reconcile` branch
- `login` via the UI
- `admin` & `admin` for username and password credentials

Additional context
CSRF added in PR: #462