Confirmation broke, probably when the new confirmation button was added

When the confirmation button is clicked I see this error:
Plug.CSRFProtection.InvalidCSRFTokenError at POST /auth/user/confirm_new_user
invalid CSRF (Cross Site Request Forgery) token, please make sure that:

* The session cookie is being sent and session is loaded
* The request include a valid '_csrf_token' param or 'x-csrf-token' header
To get around this I have to add a new pipeline without protect_from_forgery in it for the auth routes. I generated a new project and added Ash Auth and it didn't add that, so I'm not sure what is causing this issue. Any insight is appreciated.
barnabasj, 2mo ago
I do think I remember having a similar problem, and it was because the page wasn't rendered within the root layout, which adds the CSRF stuff in the head of the HTML. Not 100% sure what caused it, though. Let me know if that leads you in the right direction. Otherwise it needs some digging.
Justin (OP), 2mo ago
Even though the routes for auth run through the browser pipeline, where the plug :put_root_layout, html: {BptwlWeb.Layouts, :root} resides, that root layout doesn't seem to be included in the page with the confirm button. It looks like that confirmation form is taken directly from deps/ash_authentication/lib/ash_authentication/add_ons/confirmation/confirmation_form.html.eex.
