Merge ed5be99 into 37cb4ce

ory · May 27, 2022 · 4b2e69a · 4b2e69a
2 parents 37cb4ce + ed5be99
commit 4b2e69a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/selfservice/flow/verification/handler.go b/selfservice/flow/verification/handler.go
@@ -241,7 +241,7 @@ func (h *Handler) fetch(w http.ResponseWriter, r *http.Request, _ httprouter.Par
 	// Browser flows must include the CSRF token
 	//
 	// Resolves: https://github.com/ory/kratos/issues/1282
-	if req.Type == flow.TypeBrowser && !nosurf.VerifyToken(h.d.GenerateCSRFToken(r), req.CSRFToken) {
+	if req.Type == flow.TypeBrowser && req.CSRFToken != "" && !nosurf.VerifyToken(h.d.GenerateCSRFToken(r), req.CSRFToken) {
 		h.d.Writer().WriteError(w, r, x.CSRFErrorReason(r, h.d))
 		return
 	}