juanbzpy/next-csrf

Failed to read secret cookie in setup function

tochoromero opened this issue · 0 comments

I hit a weird edge case where the getServerSideProps function gets executed twice:
vercel/next.js#13064

The problem is there seems to be a bug in the getSecret function. For some reason it does a toLowerCase on the tokenKey, which makes it so it fails to read the existing csrfSecret cookie and it just creates a new one. This created a race condition for me when I had a POST call happen to my Next server in between the two setup calls, and the XRSF-TOKEN created by the POST call was created with the wrong secret. Just removing the toLowerCase will fix the issue.
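
The failure mode reported above, as an added example that is not part of the original issue and is not next-csrf's source: a simplified model in which a lowercased cookie-name lookup misses the mixed-case secret cookie, so every setup call mints a new secret and tokens issued earlier stop verifying. The helper names (`parseCookies`, `getSecretBuggy`, `getSecretFixed`, `createToken`, `verifyToken`, `setup`, `simulate`), the HMAC token format and the sample Cookie header are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");
// Hypothetical, simplified model of the reported behaviour (not the library's code).
const SECRET_COOKIE = "csrfSecret";

// Parse a Cookie header into a map, preserving the case of cookie names.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Buggy lookup: the lowercased name never matches the mixed-case cookie.
const getSecretBuggy = (header) => parseCookies(header)[SECRET_COOKIE.toLowerCase()];
// Fixed lookup: use the name exactly as it was set.
const getSecretFixed = (header) => parseCookies(header)[SECRET_COOKIE];

// Token bound to the secret: salt + "." + HMAC-SHA256(secret, salt).
function createToken(secret, salt = crypto.randomBytes(8).toString("hex")) {
  const mac = crypto.createHmac("sha256", secret).update(salt).digest("hex");
  return `${salt}.${mac}`;
}

function verifyToken(secret, token) {
  const [salt] = String(token).split(".");
  const expected = Buffer.from(createToken(secret, salt));
  const given = Buffer.from(String(token));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// setup(): reuse the existing secret if the lookup finds it, else mint a new one.
function setup(cookieHeader, getSecret) {
  const existing = getSecret(cookieHeader);
  const secret = existing || crypto.randomBytes(18).toString("hex");
  return { secret, rotated: !existing, token: createToken(secret) };
}

// Constructed scenario: the browser already holds a secret and setup runs twice.
function simulate(getSecret) {
  const header = `theme=dark; ${SECRET_COOKIE}=${"ab".repeat(18)}`;
  const first = setup(header, getSecret);
  const second = setup(header, getSecret);
  return {
    rotated: first.rotated || second.rotated,
    tokenSurvives: verifyToken(second.secret, first.token),
  };
}
```

`simulate(getSecretBuggy)` reports a rotated secret and a token that no longer verifies after the second setup call; `simulate(getSecretFixed)` keeps the secret stable across both calls.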