Erro 403, id:'security_csrf_violation' #338
-
|
Hi, what's up? I'm having a hard time in a production environment. What's happening is that I'm getting error 403, forbidden, with the id: "security_csrf_violation". ]The url of my application: https://netlify.myftp.org/ One question, apart from my problem, do I need to use the ory proxy https://www.ory.sh/docs/guides/cli/proxy-and-tunnel even if the application is already in production? Attached are images that will help a lot in understanding my problem. I'm Brazilian, so I'm sorry if my translation isn't the best.
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
myftp.org is on the public suffix list and we thus can not set cookies for that top-level-domain. See also the heroku docs on this. If you want to keep using myftp.org your app has to run on separate sub-sub domains like: and then set the cookie domain to @vinckr since this is the second user running into the PSL can you please document this in here: https://www.ory.sh/docs/troubleshooting/csrf Thanks! |
Beta Was this translation helpful? Give feedback.
-
|
Is the domain that comes before "ory." really like that, i.e. does it have to be the 'ory.' domain? Or is it just an example? |
Beta Was this translation helpful? Give feedback.
-
|
Example |
Beta Was this translation helpful? Give feedback.
-
|
Documentation: ory/docs#1542 |
Beta Was this translation helpful? Give feedback.
myftp.org is on the public suffix list and we thus can not set cookies for that top-level-domain. See also the heroku docs on this.
If you want to keep using myftp.org your app has to run on separate sub-sub domains like:
and then set the cookie domain to
app.myftp.com.@vinckr since this is the second user running into the PSL can you please document this in here: https://www.ory.sh/docs/troubleshooting/csrf
Thanks!