R
Railwayβ€’4mo ago
π•―π–Šπ–’π–”π–“

Cross-site POST form submissions are forbidden [bug] same site

I'm posting to the same host screenshot included Origin: https://ponytron-frontend-production.up.railway.app Referer: https://ponytron-frontend-production.up.railway.app/
No description
Solution:
disabled csrf in svelte.config.js: ``` kit: { // adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list....
Jump to solution
13 Replies
Percy
Percyβ€’4mo ago
Project ID: ae09b251-66fd-498b-8797-816b32b39aea
π•―π–Šπ–’π–”π–“
π•―π–Šπ–’π–”π–“β€’4mo ago
ae09b251-66fd-498b-8797-816b32b39aea
Brody
Brodyβ€’4mo ago
what kind of frontend site is this? what's the tech stack?
π•―π–Šπ–’π–”π–“
π•―π–Šπ–’π–”π–“β€’4mo ago
Sveltekit. The error is coming from railway proxy I think though. I don't see the error in my logs
Brody
Brodyβ€’4mo ago
can you send a link to where i could reproduce this error?
π•―π–Šπ–’π–”π–“
π•―π–Šπ–’π–”π–“β€’4mo ago
Visit the url I included add try to login with any username password doesn't matter
Brody
Brodyβ€’4mo ago
on railway your app sits behind a proxy so i think the Sveltekit server is not reading the host correctly and thus is thinking you are doing a post request from a different domain, or something along those lines. look into getting Sveltekit to trust the proxy headers.
π•―π–Šπ–’π–”π–“
π•―π–Šπ–’π–”π–“β€’4mo ago
K thx yeah it was on my end, working now
Brody
Brodyβ€’4mo ago
awsome, would you mind sharing the config change needed?
Solution
π•―π–Šπ–’π–”π–“
π•―π–Šπ–’π–”π–“β€’4mo ago
disabled csrf in svelte.config.js: 
    kit: {
        // adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
        // If your environment is not supported or you settled on a specific environment, switch out the adapter.
        // See https://kit.svelte.dev/docs/adapters for more information about adapters.
        adapter: adapter(),
        csrf: {
            checkOrigin: false
        }
    }
    kit: {
        // adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
        // If your environment is not supported or you settled on a specific environment, switch out the adapter.
        // See https://kit.svelte.dev/docs/adapters for more information about adapters.
        adapter: adapter(),
        csrf: {
            checkOrigin: false
        }
    }
I'm not using it anyway but probably not the best. there are env variables you can set at https://kit.svelte.dev/docs/adapter-node#environment-variables but I didn't go that route
Brody
Brodyβ€’4mo ago
alright, thank you!
Slaven
Slavenβ€’2mo ago
Is it safe to not check origin?
Brody
Brodyβ€’2mo ago
that's entirely up to you
Want results from more Discord servers?
Add your server
More Posts
Node-Vad needs Python. How to dokerfile now?I saw someone getting help moving to a dockerfile deploy. Not sure how to go forawrd with this I'JavaScript Heap Out of MemoryTrying to deploy a `bun` application and getting the following heap overflow error: https://gist.gipythonanywherehey guys im running a python file on the pythonanywhere server. This script interacts with my mysql RAM costs of MySQL and Java app compared to a React app.Hello. I have a project with three services: MySQL DB, Java + Spring Boot back-end, and a React froCron job to run script: Add separate service or not?Hi, I have a website running on railway with django and a postgress database. I have a separate pythNixpacks deploy entrypoint emptyhello! I am trying to deploy a nixpacks app but for some reason the entrypoint is being set to an emSporadic Request failed with status: 503I have a NextJs build where I pull in data from a Strapi CMS instance. This goes well half the time,Use 2 volume to the same serviceProjectid:1f0e0f1d-f76e-4cd8-bb12-a46ed6c91f73 It is possible to use more than 1 volume when the apMongo Keeps CrashingA few weeks ago, Mongo crashed and would not restart. I was advised to upgrade to hobby but did not Railway Production Readiness ChecklistHi All- The docs seem comprehensive, but I got lost going through all the steps. It would help to ha