Railway, 9mo ago
nandi

Cross-site POST form submissions are forbidden [bug] same site

Percy, 9mo ago
Project ID: ae09b251-66fd-498b-8797-816b32b39aea
nandi (OP), 9mo ago
ae09b251-66fd-498b-8797-816b32b39aea
Brody, 9mo ago
what kind of frontend site is this? what's the tech stack?
nandi (OP), 9mo ago
Sveltekit. The error is coming from railway proxy I think though. I don't see the error in my logs
Brody, 9mo ago
can you send a link to where i could reproduce this error?
nandi (OP), 9mo ago
Visit the url I included and try to login with any username password doesn't matter
Brody, 9mo ago
on railway your app sits behind a proxy so i think the Sveltekit server is not reading the host correctly and thus is thinking you are doing a post request from a different domain, or something along those lines. look into getting Sveltekit to trust the proxy headers.
nandi (OP), 9mo ago
K thx yeah it was on my end, working now
Brody, 9mo ago
awesome, would you mind sharing the config change needed?
Solution
nandi, 9mo ago
disabled csrf in svelte.config.js:
```
kit: {
	// adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
	// If your environment is not supported or you settled on a specific environment, switch out the adapter.
	// See https://kit.svelte.dev/docs/adapters for more information about adapters.
	adapter: adapter(),
	csrf: {
		// turns off SvelteKit's Origin header check on form submissions
		checkOrigin: false
	}
}
```
I'm not using it anyway but probably not the best. there are env variables you can set at https://kit.svelte.dev/docs/adapter-node#environment-variables but I didn't go that route
Brody, 9mo ago
alright, thank you!
Slaven, 8mo ago
Is it safe to not check origin?
Brody, 8mo ago
that's entirely up to you