Flask-Middleware / flask-security

Quick and simple security for Flask applications
MIT License

/register endpoint returns 400 "CSRF Token is missing" even when supplying the CSRF token #925

Closed lilz-egoto closed 4 months ago

lilz-egoto commented 5 months ago

With the json api, the register endpoint returns a 400 "CSRF Token is missing" even when supplying the CSRF Token.

My configuration:

app.config["SECURITY_CSRF_COOKIE_NAME"] = "ZZ-CSRF-Token-ZZ"
app.config["SECURITY_CSRF_HEADER"] = "ZZ-CSRF-Token-ZZ"
app.config["SECURITY_CSRF_PROTECT_MECHANISMS"] = ["session"]
app.config["WTF_CSRF_TIME_LIMIT"] = None
app.config["WTF_CSRF_CHECK_DEFAULT"] = False
app.config["SECURITY_CSRF_IGNORE_UNAUTH_ENDPOINTS"] = False

Code that hits the endpoint

  // Obtain the CSRF token first (getCSRFToken is the reporter's own helper)
  const csrf_token = await getCSRFToken();

  // POST JSON with the token echoed back in the header configured as
  // SECURITY_CSRF_HEADER; withCredentials makes the browser send the session cookie
  await axios(URL, {
    data: data,
    method: "POST",
    headers: { "Content-Type": "application/json", [CSRF_HEADER_NAME]: csrf_token },
    withCredentials: true
  });

I've used the same code to log in and reset a password, so it seems the register endpoint has a bug.

lilz-egoto commented 5 months ago

I have a PR ready, but running into an issue with the pre-commit hook

jwag956 commented 5 months ago

Make sure you are using something like Python 3.10 for the pre-commit...

Also - does this PR fix #870 as well?

lilz-egoto commented 5 months ago

No, it shouldn't. I can probably get around to that as well in a separate PR.