<https://tca0.nl/1QU>
# talk-kratos
c
h
If you could open a discussion or issue with some context (list API calls, show headers / cookies, or provide an XHR replay file) that would be perfect! Otherwise it’s difficult to understand what’s going on.
c
yeah sure
I think it redirects because of a 403
```
{
  error: {
    id: 'security_csrf_violation',
    code: 403,
    status: 'Forbidden',
    request: 'ce4c623b-30a6-9aa4-aed7-9dfd4416d0a2',
    reason: 'Please retry the flow and optionally clear your cookies. The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues.',
    details: {
      docs: 'https://www.ory.sh/kratos/docs/debug/csrf',
      hint: 'The anti-CSRF cookie was found but the CSRF token was not included in the HTTP request body (csrf_token) nor in the HTTP Header (X-CSRF-Token).',
      reject_reason: 'The HTTP Cookie Header was set and a CSRF token was sent but they do not match. We recommend deleting all cookies for this domain and retrying the flow.'
    },
    message: 'the request was rejected to protect you from Cross-Site-Request-Forgery'
  }
}
```
I think the problem is mixing http and https