You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
just spent couple of hours on trying to resolve some weird behaviour when using react-hook-form with csrf feature of remix-utils. It seems that useForm from react-hook-form is returning data enclosed with double quotes ("). So when using csrf.validate(request) it fails on this line:
// if the body csrf token doesn't match the session csrf token, throw an
// error
if (formData.get(this.formDataKey) !== cookie) {
throw new CSRFError("mismatched_token", "Can't verify CSRF token authenticity.");
}
because the cookie string is without double qoutes and formData.get(this.formDataKey) is with double quotes...example:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi there,
just spent couple of hours on trying to resolve some weird behaviour when using react-hook-form with csrf feature of remix-utils. It seems that
useFormfrom react-hook-form is returning data enclosed with double quotes ("). So when usingcsrf.validate(request)it fails on this line:because the
cookiestring is without double qoutes andformData.get(this.formDataKey)is with double quotes...example:So it might be good to strip leading and trailing double quotes if they are present is csrf token string....
Beta Was this translation helpful? Give feedback.
All reactions