try refresh token issue

Chimanos

04/03/2023, 9:37 AM
Hi; After moving around some code (some currifying, refactors and middlewares extraction); I'm getting a strange behavior with `verifySession`
- For `GET`s, I'm getting a 200
- For anything but a `GET`, I'm getting a `{ message: "Try refresh token" }`

Any known issues of this sort?

rp

04/03/2023, 9:40 AM
hey @Chimanos this usually happens when the anti-csrf token is missing from the request, as that's only needed for non GET requests. Our frontend SDK should take care of adding the anti-csrf token on its own, but if you are using postman, then you will need to add it to request yourself. You can find the anti-csrf token in the response headers for the sign in API and / or session refresh API calls.

Chimanos

04/03/2023, 9:40 AM
> Our frontend SDK should take care of adding the anti-csrf token on its own, but if you are using postman, then you will need to add it to request yourself.

Great catch. Thanks
If I'd like to disable entirely anti-csrf for development only; can you confirm I should set (here https://supertokens.com/docs/emailpassword/common-customizations/sessions/anti-csrf)
- `"NONE"` for development
- `"VIA_TOKEN"` (or maybe just `undefined`?) for production

rp

04/03/2023, 10:14 AM
Yea - that works. Set `undefined` for production. And `none` for development