jorenvanhee / craft-template-guard

Password protect any page or entry in Craft CMS.

Invalid CSRF Token – Cloudflare #17

Closed hheckel closed 9 months ago

hheckel commented 10 months ago

I implemented everything successfully, but after deploying it to my production site, there seems to be no way to bypass the static caching from Cloudflare. The template does not cache the login.php. I explicitly used {%nocache%} (through the plugin) for the form part (although this should not be necessary). I deployed cache bypass rules on Cloudflare both for the login and the final URI. Nothing really helps. With Formie, I had the same problem, and they came up with a solution in their documentation, re-injecting the CSRF token via JS after the document was loaded (see https://verbb.io/craft-plugins/formie/docs/template-guides/cached-forms#refreshing-csrf-token-and-captchas), but they are using their own calls. Is there any similar solution I can use for your plugin? Thanks.

jorenvanhee commented 10 months ago

Are you sure the problem is CSRF related? Also, can you confirm that Cloudflare is not caching the login and destination pages? You could check the response headers (CF-Cache-Status) in your dev tools (https://developers.cloudflare.com/cache/concepts/default-cache-behavior/#cloudflare-cache-responses).
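
The header check suggested above, as an added example that is not part of the original thread or the plugin: a shell function that reads response headers (for instance from `curl -sI`) and reports whether Cloudflare served the page from its cache or could store it. The sample headers are constructed, and the verdict labels are this example's own names.

```shell
#!/bin/sh
# Added example, not from the plugin. Reads raw HTTP response headers on stdin
# and prints a verdict based on Cloudflare's CF-Cache-Status header.
# Live use:  curl -sI https://example.com/login | cf_cache_verdict
cf_cache_verdict() (
  # Strip CRs (headers use CRLF), match the name case-insensitively,
  # keep the first occurrence and trim surrounding whitespace.
  status=$(tr -d '\r' | awk '
    tolower($0) ~ /^cf-cache-status[ \t]*:/ && !seen {
      sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, "")
      print toupper($0); seen = 1
    }')
  case "$status" in
    # Body came out of the edge cache: any CSRF token in it was issued to
    # whoever triggered the cache fill, not to this visitor's session.
    HIT|STALE|REVALIDATED|UPDATING) echo "served-from-cache $status" ;;
    # Fetched from origin this time, but the page is eligible for caching.
    MISS|EXPIRED) echo "cacheable $status" ;;
    # Cloudflare did not store this response.
    BYPASS|DYNAMIC|NONE|UNKNOWN) echo "not-cached $status" ;;
    "") echo "no-header" ;;
    *) echo "unrecognized $status" ;;
  esac
)

# Constructed sample responses (not captured from a real site).
LOGIN_HEADERS='HTTP/2 200
content-type: text/html; charset=UTF-8
cf-cache-status: HIT
age: 512'
DEST_HEADERS='HTTP/2 200
Content-Type: text/html; charset=UTF-8
CF-Cache-Status: DYNAMIC'

printf '%s\n' "$LOGIN_HEADERS" | cf_cache_verdict
printf '%s\n' "$DEST_HEADERS" | cf_cache_verdict
```

Run it against both the login URL and the destination URL; anything other than `not-cached` on a page that embeds a CSRF token means the cache rules are not taking effect for that path.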