Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Conversation

MTau314
Copy link

@MTau314 MTau314 commented Jul 26, 2021

Fixed CSRF authorization error

ueberauth_failure: %Ueberauth.Failure{
      errors: [
        %Ueberauth.Failure.Error{
          message: "Cross-Site Request Forgery attack",
          message_key: :csrf_attack
        }
      ],
      provider: :discord,
      strategy: Ueberauth.Strategy.Discord
    }

@schwarz
Copy link
Owner

schwarz commented Aug 23, 2021

Do you rely on ueberauth version 0.6.3? Otherwise we could upgrade to 0.7 and use the new CSRF protection helpers that were added.

Reference upgrades in other strategies:

@schwarz
Copy link
Owner

schwarz commented Jan 25, 2022

Should be handled by #14

@schwarz schwarz closed this Jan 25, 2022
@sergiotapia
Copy link

Hi, I'm using latest:

{:ueberauth, "~> 0.9.0"},
{:ueberauth_discord, "~> 0.7.0"}

But I'm still seeing this error. Is there something I need to set or configure so that this works and I don't get the CSRF error?

[info] request_id=FvIecvHGJx04R6UAAGLi user_id=40020f61-71c7-491a-a3cb-dd0c84d0b676 Unable to log in. Error: %Ueberauth.Failure{errors: [%Ueberauth.Failure.Error{message: "Cross-Site Request Forgery attack", message_key: :csrf_attack}], provider: :discord, strategy: Ueberauth.Strategy.Discord}.

@schwarz
Copy link
Owner

schwarz commented May 24, 2022

I can't seem to reproduce this locally in ueberauth/ueberauth_example. Are you getting this error after authorising on Discord? Does the URL include the state parameter?

@sergiotapia
Copy link

My apologies @schwarz - we were doing some shenanigans with the session that caused some collision with ueberauth. Nothing to do with your Discord strategy.

To would be Googlers, make sure you look into what you're doing with your session before ueberauth steps in.

@schwarz
Copy link
Owner

schwarz commented May 25, 2022

No worries!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants