-
-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF Token Mismatch #32
Comments
The same issue |
It sounds like you need to exclude your webhooks from being checked for CSRF tokens, but I have never had this issue. Please provide a working example repo that demonstrates this issue, if you would like me to look into this. At this point I have nothing to go on. |
Well, Apple sends back a POST request without the CSRF Token Laravel is expecting. I personally added the CSRF as a nonce parameter which is sent back by Apple and check it manually. In
What I have not figured out yet is how to define |
The same issue |
@mirko77 @gustafsilva Could either of you provide an example test repo that demonstrates this issue? |
I tried this and it works for me, thanks @mirko77 |
Hi!
When the callback returns from the apple servers I get a 419 error from Laravel. Disabling the VerifyCsrfToken middleware fixes this but is obviously not a fix.
Laravel framework version: v8.13.0
laravel-sign-in-with-apple version: 0.5.0
socialite version: 5.1.0
My naive guess is that this is actually a laravel, apple or configuration issue as the request somehow returns with a POST instead of a GET with the state token in the request instead of the header.
The text was updated successfully, but these errors were encountered: