
some-scooter-3723

01/13/2022, 5:42 PM
Hello, I have Kratos set up and it ran well for some weeks until I got a CSRF mismatch error lately. I reviewed the page https://www.ory.sh/kratos/docs/next/debug/csrf/ and found this content:
We do not recommend running them on separate subdomains, e.g. https://kratos.my-website/ and https://secureapp.my-website/.
Why do you have that recommendation? Currently I have it set up that way. In case I continue that way, is there any advice for me to get rid of the CSRF issue? Thanks so much.

high-optician-2097

01/13/2022, 5:50 PM
The recommendation is a bit outdated. You need to make sure to set the cookie domain correctly. Would you be up to fix the documentation here so it becomes clearer? 🙂

some-scooter-3723

01/14/2022, 2:00 PM
OK @User, but let me check and resolve our CSRF issue first. I'll contact you again if I can reproduce the issue.