flask-wtf

'REMEMBER_COOKIE_HTTPONLY' causes "The CSRF tokens do not match" on mobile Firefox

Open • Lvl4Sword opened this issue 2 years ago • 1 comment

I've noticed that when enabling 'REMEMBER_COOKIE_HTTPONLY' within the config dict, it causes "The CSRF tokens do not match" in a POST request specifically for mobile Firefox. ~~Non-mobile works just fine, as does Chromium.~~ Those appear to also be affected.

  1. Set 'REMEMBER_COOKIE_HTTPONLY' within the config dict
  2. Go to a page that has a CSRF token and do a POST request
  3. It fails with "The CSRF tokens do not match"

The POST request should complete just fine.

Environment:

  • Python version: 3.8.10
  • Flask-WTF version: 1.0.1
  • Flask version: 2.1.2

Lvl4Sword, May 23 '22 14:05

I have a similar issue when enabling 'SESSION_COOKIE_SECURE' (even if using http) from a client in the LAN, but it works from a localhost client.

Environment:

  • Python version: 3.11.15
  • Flask-WTF version: 1.1.1
  • Flask version: 2.3.3

DarkRedman, Oct 22 '23 00:10