You are using CakePHP 3 right? (maybe I should have asked this earlier).
yeah, my project is setup with 3.7.9
Could you try it using the “incognito” mode of your browser?
Incognito mode: Error Log still says the same.
Tried a chrome plugin(Allow-Control-Allow-Origin: *) which i used when i got CSRF problems locally, but error still remains.
If I understand the stack correctly. You are using CakePHP as a backend API whilst connecting it with a front end framework…
You will need CSRF token, which means the page from where you are posting will need a way to get the csrf token before the call begins.
Secondly, Allow control allow origin.
The cors issue can be resolved once you return correct cors response.
https://book.cakephp.org/3.0/en/controllers/request-response.html#setting-cross-origin-request-headers-cors
Thanks for your answer! Yeah, you got the stack right.
So what i could do is: send a get request from my frontend to cakePhp requesting the CSRF token and then add the recevied CSRF token to my POST request header?
Exactly!
But the get request must call for the same action which will process the form. Just in-case.
Sorry for my late answer, but i didn’t have any time to test it until now.
karmicdice was exactly right and it worked right away, very much thanks to you.