# ory-selfhosting
b
but I'm getting this error:
```
{
  "error": {
    "id": "security_csrf_violation",
    "code": 403,
    "status": "Forbidden",
    "reason": "Please retry the flow and optionally clear your cookies. The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.",
    "details": {
      "docs": "https://www.ory.sh/kratos/docs/debug/csrf",
      "hint": "The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token).",
      "reject_reason": "The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow."
    },
    "message": "the request was rejected to protect you from Cross-Site-Request-Forgery"
  }
}
```
a
encountering the same issue
@bulky-teacher-81743 were you able to find a solution?
b
@astonishing-appointment-3757 I was, I was querying identities api on port 4434 instead of api on 4433
also manually made my own API queries as the Rust SDK is buggy
a
Thank you! Was also able to fix my issue — was mixing 127.0.0.1 and localhost so the cookies weren't being set
b
Nice, were you able to get user registration working?
@astonishing-appointment-3757 I figured it out
was able to submit a user registration with the following curl request:
```
curl -X POST "http://127.0.0.1:4455/.ory/kratos/public/self-service/registration?flow=8a94d7c6-56f9-47b8-b89f-c8df1014ceca" \
  -H 'Cookie: csrf_token_2d785ea2f6536900108362e9bfff73eef3a32be3921b3abc74b0a990093487c9=sOmocL+qjVWFjxJ6D9GZ1r4eijXbD/3NcB3A562ATb8=' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"method":"password","csrf_token":"BttrGxDTlRNm8f6NAvvk6MF/FY0RERFdLnJdr9CQeZW2MsNrr3kYRuN+7PcNKn0+f2GfuMoe7JBeb51IfRA0Kg==","traits.email":"email@example.com","password":"Verystr23ongpassword","traits.name.first":"yes","traits.name.last":"newsletter"}'
```
you have to pass csrf_token into the body form which you get while using get_registration_flow
and have the cookie set in the headers
a
I wasn’t facing any user-registration issues — we’re just using the Node SDK and the hosted Ory-Network for now — but guessing this will come in very handy later. Thank you!
b
No problem! As per ory ai: Remember, the CSRF token is a hidden input field in the form and must be included in the request body when submitting the form. The CSRF token and CSRF cookie must match, otherwise, you will encounter an error.