langleyfoxall / laravel-boilerplate

Boilerplate for Laravel with common tools/plugins for ease of development.
MIT License

Two CSRF tokens causing authorisation error. #11

Closed blue-axolotl closed 5 years ago

blue-axolotl commented 5 years ago

The password reset form has two CSRF tokens: one in the blade syntax (@csrf), and the other in HTML syntax (hidden input element).

AlexCatch commented 5 years ago

Can you elaborate please?

blue-axolotl commented 5 years ago

In the password reset view, at the top of the form there's @csrf and . They both do the same thing.

blue-axolotl commented 5 years ago

@csrf and "".

blue-axolotl commented 5 years ago

Okay, it won't let me post the HTML syntax. :) You know what I mean though, it's just a hidden input element with the token set as the value.

DivineOmega commented 5 years ago

@blue-axolotl If you are referring the line below, this is actually the password reset token, not the CSRF token.

https://github.com/langleyfoxall/laravel-boilerplate/blob/master/resources/views/auth/passwords/reset.blade.php#L14

AlexCatch commented 5 years ago

@DivineOmega That's why I was confused. I haven't touched the password reset page, so it must be something else causing the error.

dextermb commented 5 years ago

@blue-axolotl There shouldn't be token input conflicts either, as @csrf creates an input of _token iirc.

Make sure your reset code is correct and in your database.

DivineOmega commented 5 years ago

@blue-axolotl Side-note: to post code, surround it by ticks (`).

blue-axolotl commented 5 years ago

I didn't realise you had to use a password reset token. I apologise for the confusion. Removing the second token on fermacell stopped it from throwing an authorisation error though.

jaredkove commented 5 years ago

Makes sense. Try to ensure that that hasn't taken away authorisation logic that should be implemented :)

Otherwise we might end up with it allowing you to reset anyone's password or something.
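The thread turns on two hidden inputs that look alike but do different jobs: `@csrf` renders the `_token` input that is checked against the session, while the second input carries the password reset token from the e-mail link. The following stand-alone PHP script is an added illustration of that distinction; it is not code from langleyfoxall/laravel-boilerplate or from Laravel itself. The function names (`verify_csrf`, `verify_reset_token`, `authorise_reset`), the in-memory `$session` and `$resets` arrays, the one-hour lifetime, and all sample data are constructed for the example. It mirrors the shape of Laravel's behaviour (hashed reset token stored per e-mail, expiry check, `_token` compared to the session) without being its implementation, and shows why dropping the reset-token check is the "reset anyone's password" failure the last comment warns about.

```php
<?php
// Added example (not the boilerplate's or Laravel's own code): a model of the two
// independent checks behind a password reset form. All names and data are constructed.
declare(strict_types=1);

const RESET_TTL_SECONDS = 3600; // assumed one-hour lifetime for a reset token

// Check 1: the CSRF token. @csrf renders <input type="hidden" name="_token" value="...">,
// and the posted value must match the token held in the user's session.
function verify_csrf(array $session, array $post): bool
{
    if (!isset($session['_token'], $post['_token'])) {
        return false;
    }
    // Constant-time comparison, so the check does not leak via timing.
    return hash_equals($session['_token'], (string) $post['_token']);
}

// Check 2: the password reset token. The form carries it as a separate hidden input
// (name="token", taken from the reset e-mail link). Only a hash of it is stored,
// keyed by e-mail, together with a creation time used for expiry.
function verify_reset_token(array $resets, array $post, int $now): bool
{
    $email = (string) ($post['email'] ?? '');
    $token = (string) ($post['token'] ?? '');
    if ($email === '' || $token === '' || !isset($resets[$email])) {
        return false;
    }
    $record = $resets[$email];
    if ($now - $record['created_at'] > RESET_TTL_SECONDS) {
        return false; // token expired
    }
    return password_verify($token, $record['token_hash']);
}

// Both checks must pass. The CSRF check only proves the request came from this
// browser session; it says nothing about whether this session may reset this
// account's password. That authorisation comes solely from the reset token.
function authorise_reset(array $session, array $resets, array $post, int $now): bool
{
    return verify_csrf($session, $post) && verify_reset_token($resets, $post, $now);
}

// --- Constructed sample data ---
$now = 1700000000;
$plainResetToken = bin2hex(random_bytes(32)); // what the e-mail link would carry
$resets = [
    'alice@example.test' => [
        'token_hash' => password_hash($plainResetToken, PASSWORD_BCRYPT),
        'created_at' => $now - 60,
    ],
];
$session = ['_token' => bin2hex(random_bytes(20))];

// A legitimate submission: both hidden inputs present and valid.
$validPost = [
    '_token'   => $session['_token'],
    'email'    => 'alice@example.test',
    'token'    => $plainResetToken,
    'password' => 'new-password',
];

// The form with the second hidden input removed, as described in the thread:
// the CSRF check still passes, but the reset-token check now fails.
$missingResetToken = $validPost;
unset($missingResetToken['token']);

// An expired token: same data, evaluated two hours later.
$later = $now + 2 * RESET_TTL_SECONDS;

echo 'valid submission: ', var_export(authorise_reset($session, $resets, $validPost, $now), true), PHP_EOL;
echo 'reset token removed: ', var_export(authorise_reset($session, $resets, $missingResetToken, $now), true), PHP_EOL;
echo 'expired reset token: ', var_export(authorise_reset($session, $resets, $validPost, $later), true), PHP_EOL;
echo 'csrf only (wrong session): ', var_export(authorise_reset(['_token' => 'other'], $resets, $validPost, $now), true), PHP_EOL;
```

Run with `php example.php`. The useful takeaway is the second line: once the `token` input is gone, the request still carries a perfectly good `_token`, so a form that stops sending the reset token does not make the CSRF check fail; it makes the reset-token check fail, and if the server-side check were removed to "fix" that error, any session could reset any account.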