I’m trying to set up API on Cakephp 3.7 so I can acces with REST Api call from another app but keep running into “Missing CSRF token cookie” error. I’ve tried everything I could find but still have not been able to get it to work. Anyone have any suggestions of something I might have overlooked. I’ve installed the plugin to manage CORS. I’ve tried to disable CORS but the error keeps coming from the middleware. Not sure what I’m doing wrong.
CORS and CSRF are two completely different things. Is your API running over Ajax or regular requests?
That’s probably why I’m struggling. I thought they were related. I was using ajax and after struggling with that I started testing it with a curl call and got the same error. Thanks for the reply.
Actually I had disabled CSRF protection in the routes.php file and I was still getting the error.
Search your code for references to CSRF. You’ve either got the component or the middleware activated somewhere. People have this question all the time, and it’s always because they have it turned on in a place they didn’t think of.
Thanks, I’ll dig into the code a little deeper.
I know this is 4 years ago. Just encountered it today, I though might help others with same issue:
I use this solution: Security - 3.10
And still encountered the issue. What solved the problem is you need to clear the cache.
via terminal: bin/cake cache clear_all