'REMEMBER_COOKIE_HTTPONLY' causes "The CSRF tokens do not match" on mobile Firefox #521

Open
Lvl4Sword opened this issue May 23, 2022 · 1 comment

Lvl4Sword commented May 23, 2022

I've noticed that when enabling 'REMEMBER_COOKIE_HTTPONLY' within the config dict, it causes "The CSRF tokens do not match" in a POST request specifically for mobile Firefox. Non-mobile works just fine, as does Chromium. Those appear to also be affected.

  1. Set 'REMEMBER_COOKIE_HTTPONLY' within the config dict
  2. Go to a page that has a CSRF token and do a POST request
  3. It fails with a "The CSRF tokens do not match"

The POST request should complete just fine.

Environment:

  • Python version: 3.8.10
  • Flask-WTF version: 1.0.1
  • Flask version: 2.1.2
@azmeuk azmeuk added the csrf label Jul 25, 2023

DarkRedman commented Oct 22, 2023

I've a similar issue when enabling 'SESSION_COOKIE_SECURE' (even if using http) from a client in the LAN, but it works from a localhost client.

Environment:

  • Python version: 3.11.15
  • Flask-WTF version: 1.1.1
  • Flask version: 2.3.3
