Mobile development issue - Can't verify CSRF token authenticity

X_Code · May 16, 2020, 6:36am

Hi,
I am trying to develop mobile app for discourse using flutter.
I sent GET request of /session/csrf.json to get a csrf token in my mobile app. Next I added header x-csrf-token to send a POST request to upload avatar.

Server log is:

Started POST "/uploads.json" for 98.199.193.94 at 2020-05-16 04:34:48 +0000
Processing by UploadsController#create as JSON
  Parameters: {"type"=>"avatar", "user_id"=>"639", "files"=>[#<ActionDispatch::Http::UploadedFile:0x00007f0b57b32478 @tempfile=#<Tempfile:/tmp/RackMultipart20200516-783-12pa37a.jpg>, @original_filename="image_picker_CE009BE9-D964-459D-B59C-ABE78F1CC5DF-20639-0000AE2EE903C2FC.jpg", @content_type="application/octet-stream", @headers="content-disposition: form-data; name=\"files[]\"; filename=\"image_picker_CE009BE9-D964-459D-B59C-ABE78F1CC5DF-20639-0000AE2EE903C2FC.jpg\"\r\ncontent-type: application/octet-stream\r\n">]}
Can't verify CSRF token authenticity.

So what is the right way to get valid csrf token for mobile app?

Topic		Replies	Views
[API] "Can't verify CSRF token authenticity" when attempting to update avatar for user dev rest-api	0	691	September 8, 2022
Login - Can't verify CSRF token authenticity dev	1	2374	March 18, 2016
CSRF on /login security alert from security scans installation	6	1778	December 19, 2018
Log error: "Can't verify CSRF token authenticity" support	5	2523	March 23, 2015
Improve BAD CSRF error message when making API calls with content-type application/json dev	4	3782	September 14, 2020

Mobile development issue - Can't verify CSRF token authenticity

Related Topics