jnawk / Quart-Discord

Discord OAuth2 extension for Quart. An easier implementation of "Log In With Discord".
MIT License

(mismatching_state) CSRF Warning! State not equal in request and response. #27

Open ZentixUA opened 1 year ago

ZentixUA commented 1 year ago

My code

import logging

from quart import Quart, redirect, render_template, request, session, url_for
from quart_discord import AccessDenied, DiscordOAuth2Session, Unauthorized
from jwt import DecodeError  # assumed: the snippet uses DecodeError without showing its import

# Assumed setup; the posted snippet omitted app, discord and logger creation.
app = Quart(__name__)
app.secret_key = "REPLACE_ME"  # the session that carries the OAuth2 state needs a secret key
# DISCORD_CLIENT_ID / DISCORD_CLIENT_SECRET / DISCORD_REDIRECT_URI go in app.config
discord = DiscordOAuth2Session(app)
logger = logging.getLogger("LOGGER")


@app.route('/callback')
async def callback():
    logger.info("1")  # numbered markers trace how far the handler gets
    try:
        logger.info("2")
        if await discord.authorized:
            logger.info("3")  # already logged in, nothing to exchange
            return redirect(url_for('index'))
        logger.info("4")
        await discord.callback()  # exchanges the code; fails if the state does not match the session
        logger.info("5")
        next_url = session.pop('next_url', '/')
        logger.info("6")
        return redirect(next_url)
    except AccessDenied as e:
        logger.info("7")  # user cancelled the authorization on Discord's side
        return await render_template('auth_cancel.html')
    except DecodeError as e:
        logger.info(f"callback() error: {e}")
        return await render_template("use_normal_browser.html")


@app.errorhandler(Unauthorized)
async def redirect_unauthorized(e):
    session['next_url'] = request.url  # remember where to go after login
    return await discord.create_session()

(loggers for debug)

I'm getting:

2023-03-19 06:32:41,148 - LOGGER - INFO - 1
2023-03-19 06:32:41,149 - LOGGER - INFO - 2
2023-03-19 06:32:41,149 - LOGGER - INFO - 4
2023-03-19 06:32:41,149 - LOGGER - INFO - Some error: (mismatching_state) CSRF Warning! State not equal in request and response.
ZentixUA commented 1 year ago

This does not always happen, only the first time, with our user.
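The error in the report is the OAuth2 state check failing. As an added example (not Quart-Discord's own code), here is a framework-free model of that round trip: the state minted before redirecting to Discord must come back, via the same session, on the callback; when the browser presents a session that does not hold it (one way this happens is on a first visit, before the session cookie has been set), the comparison fails and the login is best restarted rather than crashed. The function names, URLs and client id are constructed placeholders.

```python
# Added example, not Quart-Discord's own code: a framework-free model of the
# OAuth2 state round trip. Names, URLs and the client id are constructed.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://discord.com/api/oauth2/authorize"  # not contacted here
REDIRECT_URI = "https://app.example/callback"               # constructed


class MismatchingState(Exception):
    """The state echoed on the callback is not the one stored before redirecting."""


def create_session(session: dict, client_id: str) -> str:
    """Mint a random state, keep it in the session, and build the authorize URL."""
    state = secrets.token_urlsafe(32)
    session["oauth2_state"] = state
    query = {"client_id": client_id, "redirect_uri": REDIRECT_URI,
             "response_type": "code", "scope": "identify", "state": state}
    return f"{AUTHORIZE_URL}?{urlencode(query)}"


def callback(session: dict, callback_url: str) -> str:
    """Verify the echoed state against the session and return the code."""
    params = parse_qs(urlparse(callback_url).query)
    echoed = params.get("state", [""])[0]
    expected = session.pop("oauth2_state", "")  # single use: consumed here
    # Constant-time compare; a missing stored state fails like a wrong one.
    if not expected or not hmac.compare_digest(expected, echoed):
        raise MismatchingState("(mismatching_state) CSRF Warning! State not equal in request and response.")
    return params.get("code", [""])[0]


def provider_redirect(auth_url: str, code: str = "constructed-code") -> str:
    """Stand in for Discord: send the browser back with the same state and a code."""
    state = parse_qs(urlparse(auth_url).query)["state"][0]
    return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': state})}"


def login_outcome(start_session: dict, callback_session: dict) -> str:
    """One login; callback_session is what the browser presents on /callback."""
    redirect_back = provider_redirect(create_session(start_session, "CLIENT_ID_PLACEHOLDER"))
    try:
        callback(callback_session, redirect_back)
        return "logged_in"
    except MismatchingState:
        return "restart_login"  # recover by starting a fresh authorization, not by crashing
```

Passing the same dict to both arguments models a browser that sends the session cookie back; passing two separate dicts models a callback that arrives without the session that stored the state.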