TransWikia.com

Sprig/Snaptcha CSRF issue/question

Craft CMS Asked on October 4, 2021

We have a site using Sprig and Snaptcha. One of our forms is always returning a 400 error "Unable to verify your data submission" which is usually a CSRF issue but thought Sprig takes care of CSRF?

The only solution seems to be disabled CSRF validation so suppose question is:

  1. if we are using Snaptcha on POST form submissions would that be sufficient (eg is CSRF needed), and
  2. any thoughts why sprig might be generating or submitting an incorrect CSRF token?

Cheers

Cole

One Answer

From your code sample it looks like you may be using Blitz to cache the page, in which case this is likely neither a Sprig issue nor a Snaptcha issue. A CSRF token is a dynamic token which should not be statically cached. You would normally use the {{ craft.blitz.csrfInput() }} tag but since you are using Sprig, I'd recommend you look into implementing the dynamic content example instead of using the craft.blitz tags.

As an aside for future reference, you'll get better support if you can post an issue in the appropriate Github repository along with code samples and the specific version numbers of the plugins in question.

Answered by Ben Croker on October 4, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP