CSRF token is not accepted on metamask mobile app browser

[uraxlizard]

Description Ajax post request is returning 'Page Expired' when you try to use metmask mobile app browser on Android. On iOS is working. A registration/login flow was created with web3 auth. It was used csrf in order to protect requests, but metmask browser is not accepting them.

To Reproduce Try to make post request with csrf(cors). Bare in mind that this problem occurs only on android devices.

Expected behavior It is expected to be able to capture CSRF and complete the request as expected.

Smartphone:

• Device: Samsung Galaxy S22 Ultra
• OS: Android 12
• App Version v5.6.1(967)

---

to be added after bug submission by internal support / PM Severity

• This is a major critical bug as, metamask auth can not be integrated for android users via web3

[tommasini]

Probably related to https://github.com/MetaMask/metamask-mobile/issues/4979

[cortisiko]

Thanks for reporting @uraxlizard! can you try to reproduce on v5.8 or v5.9?

[chrisleewilcox]

@omnat need product review. See @sethkfman for details.

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity in the last 90 days. It will be closed in 7 days. Thank you for your contributions.

[github-actions[bot]]

This issue was closed because it has been stalled for 7 days with no activity. If you feel this was closed in error please reopen and provide evidence on the current production app. Thank you for your contributions.