IndominusByte/fastapi-jwt-auth

JWT in Cookies - Missing CSRF Token

denjas opened this issue · 1 comments

Hi everyone!
Please help me figure it out.
Why does the example from the manual, JWT in Cookies, not work? The copied and run code gives the same error message for /logout and /refresh: "detail": "Missing CSRF Token"
Tried it in several popular browsers.

  File "/home/denja/projects/gts2/src/gts/routers/auth.py", line 46, in __call__
    Authorize.jwt_required()
  File "/home/denja/.local/share/virtualenvs/gts2-k6IAi1d4/lib/python3.9/site-packages/fastapi_jwt_auth/auth_jwt.py", line 702, in jwt_required
    self._verify_and_get_jwt_in_cookies('access',self._request)
  File "/home/denja/.local/share/virtualenvs/gts2-k6IAi1d4/lib/python3.9/site-packages/fastapi_jwt_auth/auth_jwt.py", line 561, in _verify_and_get_jwt_in_cookies
    raise CSRFError(status_code=401,message="Missing CSRF Token")
fastapi_jwt_auth.exceptions.CSRFError

You can refer to this issue #29. You probably need to set the X-CSRF-TOKEN from the client based on the value of csrf-access-token in the cookie.
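A simplified model of the double-submit check the reply describes, added here as an illustration; it is not fastapi-jwt-auth's code. The function names, the `access-token` cookie, the mismatch message, and the set of methods that require the token are assumptions, while the header name, the CSRF cookie name, and the "Missing CSRF Token" message are taken from this thread.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

CSRF_COOKIE = "csrf-access-token"  # name as written in the reply; confirm against your settings
CSRF_HEADER = "X-CSRF-TOKEN"       # name as written in the reply
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # assumption for this model


class CSRFError(Exception):
    """Hypothetical stand-in for the 401 error seen in the traceback."""


def login():
    """Model server: bind a random CSRF value to the session and expose it in a cookie."""
    csrf = secrets.token_urlsafe(32)
    cookies = SimpleCookie()
    cookies["access-token"] = "constructed-jwt-placeholder"  # constructed sample value
    cookies["access-token"]["httponly"] = True  # page script cannot read the JWT
    cookies[CSRF_COOKIE] = csrf                 # page script can read this one
    return cookies, csrf


def cookie_header(cookies):
    """Serialize a cookie jar the way a browser sends it back."""
    return "; ".join(f"{name}={morsel.value}" for name, morsel in cookies.items())


def client_headers(cookie_string, method):
    """Model client: copy the CSRF cookie value into a header on unsafe methods."""
    jar = SimpleCookie(cookie_string)
    headers = {"Cookie": cookie_string}
    if method.upper() in UNSAFE_METHODS and CSRF_COOKIE in jar:
        headers[CSRF_HEADER] = jar[CSRF_COOKIE].value
    return headers


def verify_csrf(method, headers, expected):
    """Model server check: the header must be present and equal to the bound value."""
    if method.upper() not in UNSAFE_METHODS:
        return True
    sent = headers.get(CSRF_HEADER)
    if sent is None:
        raise CSRFError("Missing CSRF Token")
    if not hmac.compare_digest(sent, expected):
        raise CSRFError("CSRF token mismatch")
    return True
```

A browser attaches the cookies to every request on its own, but only script running on the site's own origin can read the CSRF cookie and echo it in a header, which is why a request that carries the cookies alone is rejected.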