# talk-kratos

few-addition-25162

04/03/2022, 11:02 PM
I've seen a few similar problems, but I still couldn't figure out what the problem might be and how it could be solved. I try to run the React application, but get an error message (https://github.com/ory/kratos-selfservice-ui-react-nextjs)
```json
{
  "error": {
    "id": "security_csrf_violation",
    "code": 403,
    "status": "Forbidden",
    "request": "68d4fc2bd9f0aff027b1434ae2b00b8e",
    "reason": "Please retry the flow and optionally clear your cookies. The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.",
    "details": {
      "docs": "<https://www.ory.sh/kratos/docs/debug/csrf>",
      "hint": "The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token).",
      "reject_reason": "The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow."
    },
    "message": "the request was rejected to protect you from Cross-Site-Request-Forgery"
  }
}
```
I think the problem may be in the settings of my ory/kratos. My conf: https://gist.github.com/batazor/587c014db9c57707c73e98cafa271e57 I run the UI at http://127.0.0.1:3000/next/auth What am I missing out on?

proud-plumber-24205

04/04/2022, 9:59 AM
Hi @User It is most likely something to do with how you are hosting your frontend and backend (which origin is used in the browser vs kratos). Locally Kratos needs to also use `--dev` mode to work properly. https://www.ory.sh/docs/kratos/debug/csrf

tall-angle-41306

05/13/2022, 9:22 PM
@few-addition-25162 Did you find a solution to this? We're experiencing the same at the moment and struggling to understand why.