I have integrated Svelte with PHP they are running on the same server but running in different directories. It easier this way for development.
It is working well and the client loves it but I cannot get the csrf token working on posts from Svelte so I have disabled csrf middleware which is not ideal.
In this section of the docs
https://book.cakephp.org/4/en/controllers/middleware.html#csrf-protection-and-ajax-requests
it says
" The CSRF Token can be obtained in JavaScript via the Cookie csrfToken
"
To this end I have tried
csrf_cookieValue = document.cookie
.split('; ')
.find(row => row.startsWith('csrfToken'))
.split('=')[1];
xhr.setRequestHeader('X-CSRF-Token', csrf_cookieValue);
But the cookie value does not match when I try to do a POST.
Any Suggestions?