Hi! I'm having CSRF issues and I've noticed that /...
# talk-kratos
f
Hi! I'm having CSRF issues and I've noticed that /self-service/login/browser is setting 3 csrf_token cookies... Is this ok or should there be just one? 😢 Also, kratos says that expected_token is ABC, but in flow response I receive a totally different token DEF that doesn't match :<
Here's what I receive from flow response:
The csrf_token is being sent in the form data, but apparently, it doesn't match...
h
which version?
f
v0.9.0-alpha.3 and this is webauthn login flow
happens right after I submit the form with email, csrf_token and method: "webauthn"
In fact, I think I've figured it out, don't waste time pls, I'll let you know later what was the issue if I manage to fix it