Closed gaud2029 closed 10 months ago
Hi @gaud2029,
Could you elaborate? Thanks.
I cannot reproduce the problem I had anymore so I guess this can be closed.
Basically some request were made as "application/json" and some other were made as "text/html"
I was having a 302 redirect and noticed that the request went through when I was adding those endpoint to the CSRF middleware exceptions array.
The only endpoint that was working was the "configure" endpoint.
the accept-all and essentials are using content-type text/html. it's not inject any csrf token information in the call so the calls is redirected with a 302.
You need to add these endpoint to the csrf middleware exceptions list.