few-addition-25162
04/03/2022, 11:02 PM
{
  "error": {
    "id": "security_csrf_violation",
    "code": 403,
    "status": "Forbidden",
    "request": "68d4fc2bd9f0aff027b1434ae2b00b8e",
    "reason": "Please retry the flow and optionally clear your cookies. The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.",
    "details": {
      "docs": "<https://www.ory.sh/kratos/docs/debug/csrf>",
      "hint": "The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token).",
      "reject_reason": "The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow."
    },
    "message": "the request was rejected to protect you from Cross-Site-Request-Forgery"
  }
}
I think the problem may be in the settings of my ory/kratos. My conf: https://gist.github.com/batazor/587c014db9c57707c73e98cafa271e57
I run the UI at http://127.0.0.1:3000/next/auth
What am I missing out on?
proud-plumber-24205
04/04/2022, 9:59 AM
--dev mode to work properly.
https://www.ory.sh/docs/kratos/debug/csrf
tall-angle-41306
05/13/2022, 9:22 PM