Closed bayramorhan closed 11 months ago
Can you please provide a reproduction link?
If you redirect the user (via the server) back to the current page, this should help, assuming you are doing server-side rendering.
If your interface follows the same-origin policy with a cookie mechanism, after the first successful request, the server regenerates the CSRF token and sets it in the response header with "Set-Cookie."
If your interface employs a cross-origin policy, using the browser OPTIONS mechanism, the server generates the CSRF token and includes it in the response header with "Set-Cookie" when handling the OPTIONS request.
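The token regeneration described in the reply above, and the mismatch on a second request reported in this thread, as an added example that is not code from the thread or from the project: a model server that issues a new token after every accepted request, driven by a client that caches the first token and by one that re-reads the cookie before each request. The cookie name `XSRF-TOKEN`, the 403 status and all function names are assumptions.

```javascript
// Model of a server that regenerates its CSRF token after each accepted request.
// newToken is injected; a real server draws tokens from a CSPRNG and compares
// them in constant time.
function makeServer(newToken) {
  let current = newToken();
  const cookie = () => `XSRF-TOKEN=${current}; Path=/; SameSite=Lax`;
  return {
    // First page load: the token reaches the browser in a Set-Cookie header.
    initialSetCookie: cookie,
    handle(headerToken) {
      if (headerToken !== current) {
        return { status: 403, body: "CSRF token mismatch", setCookie: null };
      }
      current = newToken(); // rotate: the token just used is no longer valid
      return { status: 200, body: "ok", setCookie: cookie() };
    },
  };
}

// Minimal cookie jar: stores name=value from a Set-Cookie header.
function storeCookie(jar, setCookie) {
  if (!setCookie) return;
  const pair = setCookie.split(";")[0];
  const eq = pair.indexOf("=");
  jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
}

// Sends `count` requests and returns the status codes.
// rereadCookie=false keeps using the token captured at page load.
function run(count, rereadCookie) {
  let n = 0;
  // Constructed, predictable tokens so the run is repeatable.
  const server = makeServer(() => `constructed-token-${++n}`);
  const jar = new Map();
  storeCookie(jar, server.initialSetCookie());
  const cached = jar.get("XSRF-TOKEN");
  const statuses = [];
  for (let i = 0; i < count; i++) {
    const token = rereadCookie ? jar.get("XSRF-TOKEN") : cached;
    const res = server.handle(token);
    storeCookie(jar, res.setCookie); // the browser does this automatically
    statuses.push(res.status);
  }
  return statuses;
}

console.log("cached token:   ", run(3, false).join(","));
console.log("re-read cookie: ", run(3, true).join(","));
```

A client that copies the token into a variable or a rendered form field once will fail from the second request on; reading the cookie at send time picks up each regenerated value.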
It works perfectly the first time the request is sent.
But it throws a CSRF Token Mismatch error after sending the request a second time (with the same CSRF token). How do I refresh the CSRF token for the second request?