Closed blue-axolotl closed 5 years ago
Can you elaborate please?
In the password reset view, at the top of the form theres @csrf and . They both do the same thing.
@csrf and "".
Okay, it won't let me post the HTML syntax. :) You know what I mean though, it's just a hidden input element with the token set as the value.
@blue-axolotl If you are referring the line below, this is actually the password reset token, not the CSRF token.
@DivineOmega That's why I was confused, I haven't touched the password reset page so it must be something else causing the error
@blue-axolotl There shouldn't be token input conflicts either, as @csrf
creates an input of _token
iirc.
Make sure your reset code is correct and in your database.
@blue-axolotl Side-note: to post code, surround it by ticks (`).
I didn't realise you had to use a password reset token. I apologise for the confusion. Removing the second token on fermacell stopped it from throwing an authorisation error though.
Makes sense. Try to ensure that that hasn't taken away authorisation logic that should be implemented :)
Otherwise we might end up with it allowing you to reset anyones password or something.
The password reset form has two CSRF tokens: one in the blade syntax (@csrf), and the other in HTML syntax (hidden input element).