'REMEMBER_COOKIE_HTTPONLY' causes "The CSRF tokens do not match" on mobile Firefox

Question

'REMEMBER_COOKIE_HTTPONLY' causes "The CSRF tokens do not match" on mobile Firefox

Opened this issue 3 years ago · 1 comments

I've noticed that when enabling 'REMEMBER_COOKIE_HTTPONLY' within the config dict, it causes "The CSRF tokens do not match" in a POST request specifically for mobile Firefox. ~~Non-mobile works just fine, as does Chromium.~~ Those appear to also be affected.

Set 'REMEMBER_COOKIE_HTTPONLY' within the config dict
Go to a page that has a CSRF token and do a post request
It fails with a "The CSRF tokens do not match"

The POST request should complete just fine

Environment:

Python version: 3.8.10
Flask-WTF version: 1.0.1
Flask version: 2.1.2

Answer 1 · 2023-10-22T00:08:15.000Z

I've a similar issue when enabling 'SESSION_COOKIE_SECURE' (even if using http) from a client in the LAN, but working from localhost client)

Environment:

Python version: 3.11.15
Flask-WTF version: 1.1.1
Flask version: 2.3.3