Home > Blockchain >  Cross-site POST form submissions are forbidden
Cross-site POST form submissions are forbidden

Time:09-23

My sveltekit app has a form which sends a POST request to server. The app is working fine on dev server but when I build and run the app it fails to send the form data via POST request. It shows the following error in the browser:

Cross-site POST form submissions are forbidden

CodePudding user response:

This is a built-in protection against cross-site request forgery attacks in Sveltekit. Set csrf to false in svelte.config.js to allow cross-site post requests.

See csrf in the Sveltekit configuration docs

import adapter from '@sveltejs/adapter-node'

const config = {
    kit: {
        adapter: adapter(),
        csrf: false,
    },
}

export default config

CodePudding user response:

You have to set the the ORIGIN env var like this

ORIGIN=http://localhost:3000 node build/index.js

https://github.com/sveltejs/kit/tree/master/packages/adapter-node#origin-protocol_header-and-host_header

Page link:https//www.codepudding.com/Blockchain/554293.html

Prev:Can I make a Quart app do a redirect after a background task finishes?
Next:Bigquery: WHERE clause using column from outside the subquery
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding