adonisjs / transmit

A Server-Sent-Event module for AdonisJS
MIT License
71 stars 5 forks source link

Transmit doesn't work with CSRF enabled #18

Closed nxtdv closed 6 months ago

nxtdv commented 6 months ago

Package version

1.0.0

Describe the bug

When CSRF is enabled (including enableXsrfCookie), the client is able to subscribe to the server, but logs indicate an invalid or expired CSRF token.

image image

Let me know if you need more information.

Reproduction repo

No response

RomainLanz commented 6 months ago

Hey @nxtdv! 👋🏻

It seems that you are targeting an IP address inside your local network, cookie do not work on ip address. Either create a domain or disable the CSRF protection for Transmit routes.

nxtdv commented 6 months ago

Thank you sm 🙌

That should work better!