I'm not sure of this is a bug or I'm missing something. But Tobi (which is otherwise excellent) seems to be sending a CSRF_COOKIE header that doesn't match anything in the cookieJar.
I'm positing a form using Tobi's submit() that fails CSRF verification (a regular desktop browser works fine).
The issue seems to be a difference between the form cookie and the HTTP Header.
However, my server received the following from Tobi's in its HTTP headers:
'CSRF_COOKIE': '347767c1a4baef48ab0272ca6ccfdf5f'
Where did the CSRF_COOKIE value come from (or more to the point, why can't I see it in cookieJar?) Has anyone encountered anything similar in the past?
Hi there,
I'm not sure of this is a bug or I'm missing something. But Tobi (which is otherwise excellent) seems to be sending a CSRF_COOKIE header that doesn't match anything in the cookieJar.
I'm positing a form using Tobi's submit() that fails CSRF verification (a regular desktop browser works fine). The issue seems to be a difference between the form cookie and the HTTP Header.
Gives:
[ { str: 'csrftoken=8a09c3f0b62939458018f74020c6744e; expires=Thu, 14-Feb-2013 15:26:31 GMT; Max-Age=31449600; Path=/', name: 'csrftoken', csrftoken: '8a09c3f0b62939458018f74020c6744e', expires: Thu, 14 Feb 2013 15:26:31 GMT, 'Max-Age': '31449600', Path: '/', value: '8a09c3f0b62939458018f74020c6744e' }, { str: 'sessionid=d82a0a4a691481df3fb72b8f3b9e4d8a; expires=Thu, 01-Mar-2012 15:26:31 GMT; Max-Age=1209600; Path=/', name: 'sessionid', sessionid: 'd82a0a4a691481df3fb72b8f3b9e4d8a', expires: Thu, 01 Mar 2012 15:26:31 GMT, 'Max-Age': '1209600', Path: '/', value: 'd82a0a4a691481df3fb72b8f3b9e4d8a' } ]
However, my server received the following from Tobi's in its HTTP headers:
Where did the CSRF_COOKIE value come from (or more to the point, why can't I see it in cookieJar?) Has anyone encountered anything similar in the past?
Thanks,
Mike