# talk-kratos
h
Hello Ory team, the frontend origin is https://devapp.stackways.io/ and I am generating the flow ID via https://dev-api.stackways.io/.ory/kratos/public/self-service/login/browser. When I try to log in with https://dev-api.stackways.io/.ory/kratos/public/self-service/login?flow=d14df424-61d5-4a38-838f-8104ea747a5a (login flow), I am getting 403 Forbidden (a CSRF token mismatch error), but the CSRF token is being generated and passed correctly in the request body.
h
self hosted or ory network?
h
Ory self-hosted
hint "The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token)."
reject_reason "The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow."
hackerman sir ?
Ory Identities and your UI must be hosted on the same top level domain! You can't host Ory Identities and your UI on separate top level domains:
• kratos.bar.com and ui.bar.com will work;
• kratos.bar.com and bar.com will work;
• kratos.bar.com and not-bar.com won't work.
in our case .stackways.io
p
Hello Ory team, please provide a solution if possible; we are stuck on the above issue. Thanks.
s
@helpful-eve-46197 I had a similar issue. In my case, I was using one of the SDK methods that are made for the browser on the backend, more specifically updateRegistrationFlow. The right solution was to redirect to the Kratos URL directly, instead of using the SDK for that.