CsrfToken mismatch with proper token?

Hi there,

I’m trying to get my app to submit something with XHR to an API my app exposes through a plugin.
Everything shows up fine in my request but I still get a token mismatch.
I’ve looked at a form on my website as well to make sure the token lines up with what said form would send and it does.

However, somehow, the form itself can send it just fine but my XHR gets a CsrfToken mismatch…
I can’t tell it to “not use csrf” here either because it just ignores that (and I don’t want to bother the user of this plugin with manually adding it to the whitelist in his/her project).

How are you sending the XHR request? Show the code; I don't see _csrfToken in the POST data in your screenshot.

It’s in the Cookie section.
(highlighted in the first screenshot).

You need to send both the cookie and the field in the POST data (or a header).

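The double-submit requirement from the reply above, as an added example that is not code from any poster in this thread: the token is read from the cookie and sent a second time as a header or as the `_csrfToken` field. The cookie name `csrfToken`, the header name `X-CSRF-Token`, the helper names and the URL in the usage comment are assumptions; `doubleSubmitOk` is a simplified model of the server-side comparison, not the framework's code.

```javascript
// Read one cookie value out of a "k=v; k2=v2" string (document.cookie in a browser).
function readCookie(cookieHeader, name) {
  for (const part of cookieHeader.split(';')) {
    const idx = part.indexOf('=');          // split on the first '=' only:
    if (idx === -1) continue;               // token values may end in '=' padding
    if (part.slice(0, idx).trim() === name) {
      return decodeURIComponent(part.slice(idx + 1).trim());
    }
  }
  return null;
}

// Build fetch() options that carry the token a second time, next to the cookie.
// opts.useField = true puts it in the body as _csrfToken instead of a header.
function buildCsrfRequest(cookieHeader, fields, opts = {}) {
  const token = readCookie(cookieHeader, opts.cookieName || 'csrfToken'); // assumed name
  if (token === null) {
    throw new Error('CSRF cookie not set; load a page from the app first');
  }
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  const body = new URLSearchParams(fields);
  if (opts.useField) {
    body.set('_csrfToken', token);
  } else {
    headers['X-CSRF-Token'] = token;        // assumed header name
  }
  // same-origin: the browser attaches the cookie itself, only for our own origin.
  return { method: 'POST', credentials: 'same-origin', headers, body: body.toString() };
}

// Simplified model of the server check: the cookie alone is never enough, because
// a cross-site page can make the browser send the cookie but cannot read its value.
// A real implementation should also verify token integrity and compare in constant time.
function doubleSubmitOk(cookieHeader, req) {
  const cookie = readCookie(cookieHeader, 'csrfToken');
  const sent = req.headers['X-CSRF-Token']
    ?? new URLSearchParams(req.body).get('_csrfToken');
  return cookie !== null && sent != null && cookie === sent;
}

// Browser usage (hypothetical URL):
// fetch('/my-plugin/api/items', buildCsrfRequest(document.cookie, { title: 'x' }));
```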

Oh, alright, I didn’t know that.
Thanks :)

Seems to have worked :)
Now getting a “Missing Controller” error, which is more obvious to fix :)