Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Can't trigger X-XSRF-TOKEN header to be sent with a POST
See original GitHub issueSummary
Can’t trigger X-XSRF-TOKEN header to be sent with a POST:
https://stackoverflow.com/questions/52863990/x-xsrf-token-header-with-axios
Context
- axios version: e.g.: v0.18.0
- Environment: axios with vue.js
Issue Analytics
- State:
- Created 5 years ago
- Reactions:6
- Comments:11
Top Results From Across the Web
Request header field X-CSRFToken is not allowed by Access ...
If you are making a call to a third party server, for the preflight request, the response header should contain Access-Control-Allow-Headers: X-CSRF-Token ......
Read more >Sending CSRF Token From Postman REST Client | Baeldung
In the Headers tab, let's add a new parameter called X-XSRF-TOKEN and the value set to xsrf-token. X-XSRF-TOKEN is the header for the...
Read more >CSRF tokens | Web Security Academy - PortSwigger
CSRF tokens can prevent CSRF attacks by making it impossible for an attacker to construct a fully valid HTTP request suitable for feeding...
Read more >Cross Site Request Forgery protection - Django documentation
Requests via 'unsafe' methods, such as POST, PUT, and DELETE, can then be protected by the steps outlined in How to use Django's...
Read more >How to avoid CSRF errors with axios and Django?
Making CSRF-enabled AJAX requests with Django is a frequent stumbling block. The site gets suspicious and rejects your JS-based requests, as the CSRF...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Hi @ghenry
For me, that solved it.
https://github.com/axios/axios/issues/876#issuecomment-309871930
Hope it can help!
Besides of
withCredentialsas @pascalboucher mentioned, you may check whether they are HttpOnly or Secure, and scopes of cookies. Read more in MDN about which kind of cookies can be Javascript accessed. Closed due to not an issue of axios.