# talk-kratos
h
Hello! When I try to log out in a native app (not browser), I am facing a 403 with the error below. I am using /self-service/logout (with a DELETE or a POST). I actually have no CSRF token and no cookies (because it is a native app :3):
```json
{
  "id": "security_csrf_violation",
  "code": 403,
  "status": "Forbidden",
  "reason": "Please retry the flow and optionally clear your cookies. The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.",
  "details": {
    "docs": "https://www.ory.sh/kratos/docs/debug/csrf",
    "hint": "The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token).",
    "reject_reason": "The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow."
  },
  "message": "the request was rejected to protect you from Cross-Site-Request-Forgery"
}
```
p
Hi @high-lunch-26355, there are two APIs in Kratos, one for Native and another for Browser: https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration You need to call this API: https://www.ory.sh/docs/reference/api#tag/frontend/operation/performNativeLogout
h
It's fine, thank you 🙂 I was missing the /api at the end :X