Describe the bug
I am following the bff tutorial and the logout endpoint seems to have an issue when using a PUT method. The request is ended with a 403 FORBIDDEN code and the response is: An expected CSRF token cannot be found.
This leads to NOT triggering the logout process for cognito or auht0 providers.
To make it works we need to disable csrf but I guess this is not the goal.
Expected behavior
According to your tutorial and source code, is making PUT and POST requests working with cookie_accessible_from_js csrf option really possible?
Describe the bug I am following the bff tutorial and the logout endpoint seems to have an issue when using a PUT method. The request is ended with a 403 FORBIDDEN code and the response is:
An expected CSRF token cannot be found
.This leads to NOT triggering the logout process for cognito or auht0 providers.
To make it works we need to
disable csrf
but I guess this is not the goal.Expected behavior According to your tutorial and source code, is making PUT and POST requests working with
cookie_accessible_from_js
csrf option really possible?