Forbidden - CSRF token invalid

Open kek-wait-w opened this issue 1 year ago • 0 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Current Behavior

I want to pass a token in headers but when I send a request my token is always null.

This is how I connect csrf in main

csrfMiddleware := csrf.Protect([]byte("qwnbjb13jbhb12j3bjbbj"))
mainRouter.Use(csrfMiddleware)

serverPort := ":" + os.Getenv("SERVER_PORT")
logs.Logger.Info("starting server at ", serverPort)

err = http.ListenAndServe(serverPort, mainRouter)
if err != nil {
	logs.LogFatal(logs.Logger, "main", "main", err, "Failed to start server")
}
logs.Logger.Info("server stopped")

}

Here I try to write in header

func NewAuthHandler(authMwRouter *mux.Router, mainRouter *mux.Router, u domain.AuthUsecase) {
	handler := &AuthHandler{
		AuthUsecase: u,
	}

	mainRouter.HandleFunc("/api/v1/auth/login", handler.Login).Methods(http.MethodPost, http.MethodOptions)
	mainRouter.HandleFunc("/api/v1/auth/register", handler.Register).Methods(http.MethodPost, http.MethodOptions)
}

func (a *AuthHandler) Register(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("X-CSRF-Token", csrf.Token(r))

And when I send a request, I always get 403

URL: http://localhost:8080/api/v1/auth/register
Method: POST
Status code: 403 Forbidden ( service worker)
URL : strict-origin-when-cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST,OPTIONS
Access-Control-Allow-Origin: http://localhost
Content-Length: 31
Content-Type: text/plain; charset=utf-8
Date: Mon, 06 Nov 2023 11:27:57 GMT
X-Content-Type-Options: nosniff
Content-Type: application/json;charset=utf-8
Referer: http://localhost/
Sec-Ch-Ua: "Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
X-Csrf-Token: null

Expected Behavior

No response

Steps To Reproduce

No response

Anything else?

No response

kek-wait-w, Nov 06 '23 11:11
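
The request order behind the 403 above, as an added example that is not part of the original issue and is not gorilla/csrf's code: a CSRF middleware checks the token on a POST before the wrapped handler is called, so a token written to the response inside the POST handler is never sent, and the client has to obtain it with a safe request first. The stand-in below uses only the standard library; `protect`, `flow`, the `csrf_demo` cookie and the `/api/v1/auth/csrf` path are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

func protect(next http.Handler) http.Handler { // simplified stand-in (assumption), not gorilla/csrf
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("csrf_demo") // hypothetical cookie name
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			if err != nil { // first safe request: issue a random token
				b := make([]byte, 16)
				rand.Read(b)
				c = &http.Cookie{Name: "csrf_demo", Value: fmt.Sprintf("%x", b), HttpOnly: true}
				http.SetCookie(w, c)
			}
			w.Header().Set("X-CSRF-Token", c.Value)
		default: // unsafe method: rejected here, before the wrapped handler runs
			if err != nil || subtle.ConstantTimeCompare([]byte(r.Header.Get("X-CSRF-Token")), []byte(c.Value)) != 1 {
				http.Error(w, "Forbidden - CSRF token invalid", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

func flow() (int, int) { // statuses of: POST carrying "null", POST sent after a GET
	h := protect(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	do := func(method, path, token string, cookies ...*http.Cookie) *http.Response {
		req := httptest.NewRequest(method, path, nil)
		req.Header.Set("X-CSRF-Token", token)
		for _, c := range cookies {
			req.AddCookie(c)
		}
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		return rec.Result()
	}
	first := do(http.MethodPost, "/api/v1/auth/register", "null").StatusCode
	get := do(http.MethodGet, "/api/v1/auth/csrf", "") // hypothetical token endpoint
	return first, do(http.MethodPost, "/api/v1/auth/register", get.Header.Get("X-CSRF-Token"), get.Cookies()...).StatusCode
}

func main() { fmt.Println(flow()) }
```

The first POST reproduces the 31-byte `Forbidden - CSRF token invalid` response from the issue; the second succeeds because both the cookie and the header from the earlier GET are sent back.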