Hi, I am trying to setup a registration flow with ...
# talk-kratose
enough-winter-51484
01/14/2022, 2:15 PMHi, I am trying to setup a registration flow with ajax. It runs all on localhost. I serve Kratos with the --dev parameter and the there is a env variable with true. I have issues with CSRF and cookies. The docs says, if I run it in dev mode, it wil disable same-site Lax. But the response from the flow initialization does have same-site Lax. Am I doing something wrong?
Client is running on localhost:8080, Kratos on localhost:8081
docs: https://www.ory.sh/kratos/docs/debug/csrf/#samesite-attribute
enough-winter-51484
01/14/2022, 3:21 PMI searched in the repo on Github, I am nog experienced with the GO language. But it looks like the SameSite is set here: https://github.com/ory/kratos/blob/cc99096d07408c8b713ef9a7b17b8345597a9129/x/nosurf.go#L142
It looks like
sameSite = http.SameSiteLaxModeh
high-optician-2097
01/14/2022, 3:26 PM
Maybe this is documented incorrectly
e
enough-winter-51484
01/14/2022, 3:30 PMOk, but is there a way to work with this on localhost?
p
proud-plumber-24205
01/14/2022, 4:15 PMhey @User
maybe the host is incorrect? localhost vs 127.0.0.1
proud-plumber-24205
01/14/2022, 4:17 PMcan you also give me some more information, such as logs on kratos and browser requests? I need a bit more understanding of what you have issues with.
e
enough-winter-51484
01/14/2022, 4:43 PMHi Alano, i'm not back home anymore. I can answer tommorow with more details. But the initial flow requests gives a cookie back with domain localhost en samestite Lax. The cookie was not stored in chrome and not send with the actual registration request. Te response is the CSRF error. For logs from Kratos, I have to look tomorrow. I checked if it was running in dev mode in the logs before, and it was.
enough-winter-51484
01/14/2022, 7:45 PMHi, I am back home earlier. I have the logs right here. I don't see anything remarkable. The request with the 403 status (CRSF error) is logged. What can I possibly look for that you can use to help me?
enough-winter-51484
01/14/2022, 8:17 PMYes found the problem 🙂
enough-winter-51484
01/14/2022, 8:22 PMI am using the
@ory/kratos-clientinitializeSelfServiceRegistrationFlowForBrowserssubmitSelfServiceRegistrationFlowwithCredentials Copy code
sdk.initializeSelfServiceRegistrationFlowForBrowsers(undefined, {
withCredentials: true,
}) Copy code
sdk.submitSelfServiceRegistrationFlow(id, payload, {
withCredentials: true,
})enough-winter-51484
01/14/2022, 8:41 PMI searched for the SDK repo, and maybe default settings for axios, looking for creating a PR. But did not found it,
h
high-optician-2097
01/15/2022, 9:31 AM
@User could you create a discussion with all the context and maybe screenshots from your dev console showing the cookies? It's so difficult to get the context in slack 😕 You can link it here and ping us, we are back in office on monday 🙂
e
enough-winter-51484
01/15/2022, 9:39 AMYes, but in which repo? It is solved by the withCredentials option in the sdk.
h
high-optician-2097
01/15/2022, 9:42 AM
Ah! Ok 🙂 I didn't see that. If you solved it, maybe add it to the docs in Ory Kratos where you would expect it?
5 Views