Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
try refresh token issue
c
Chimanos
04/03/2023, 9:37 AMHi;
After moving around some code (some currifying, refactors and middlewares extraction); I'm getting a strange behavior with
verifySessionGET{ message: "Try refresh token" }r
rp
04/03/2023, 9:40 AMhey @Chimanos this usually happens when the anti-csrf token is missing from the request, as that's only needed for non GET requests.
Our frontend SDK should take care of adding the anti-csrf token on its own, but if you are using postman, then you will need to add it to request yourself.
You can find the anti-csrf token in the response headers for the sign in API and / or session refresh API calls.
c
Chimanos
04/03/2023, 9:40 AM> Our frontend SDK should take care of adding the anti-csrf token on its own, but if you are using postman, then you will need to add it to request yourself.
Great catch. Thanks
For reference in this thread : https://supertokens.com/docs/emailpassword/testing/testing-with-postman#2-session-verification
If I'd like to disable entirely anti-csrf for development only; can you confirm I should set (here https://supertokens.com/docs/emailpassword/common-customizations/sessions/anti-csrf)
-
"NONE""VIA_TOKEN"undefinedr
rp
04/03/2023, 10:14 AMYea - that works. Set
undefinedAnd
none