Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

image.png

Hiya, this might be a noob question so please bear with me

In the frontend code examples for <https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset|account recovery> I don't see any explicit CSRF handling. So I'm assuming it's 'magically' handled via cookies? I am trying to replicate this implementation but when I try and do the `getRecoveryFlow` request I get a big fat CSRF related error :disappointed:

I was using the redirects wrong, user errors &lt;.&lt;

Hi Can you tell me how did you solve this. I am getting this error on each page

Heya <@U0585QGNE6T> sorry for the late reply. What I did wrong is that I first need to send the user to kratos and let Kratos redirect to my frontend instead

```    recovery:
      enabled: true
      ui_url: <http://127.0.0.1:13001/auth/recovery>
      use: code```

I did the same. anyways thanks :grinning: