-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MissingCSRF: on Update() call #11336
Comments
We could not detect a valid reproduction link. Make sure to follow the bug report template carefully. Why was this issue closed?To be able to investigate, we need access to a reproduction to identify what triggered the issue. We need a link to a public GitHub repository. Example: (NextAuth.js example repository). The bug template that you filled out has a section called "Reproduction URL", which is where you should provide the link to the reproduction.
What should I do?Depending on the reason the issue was closed, you can do the following:
In general, assume that we should not go through a lengthy onboarding process at your company code only to be able to verify an issue. My repository is private and cannot make it publicIn most cases, a private repo will not be a sufficient minimal reproduction, as this codebase might contain a lot of unrelated parts that would make our investigation take longer. Please do not make it public. Instead, create a new repository using the templates above, adding the relevant code to reproduce the issue. Common things to look out for:
I did not open this issue, but it is relevant to me, what can I do to help?Anyone experiencing the same issue is welcome to provide a minimal reproduction following the above steps by opening a new issue. I think my reproduction is good enough, why aren't you looking into it quickly?We look into every issue and monitor open issues for new comments. However, sometimes we might miss a few due to the popularity/high traffic of the repository. We apologize, and kindly ask you to refrain from tagging core maintainers, as that will usually not result in increased priority. Upvoting issues to show your interest will help us prioritize and address them as quickly as possible. That said, every issue is important to us, and if an issue gets closed by accident, we encourage you to open a new one linking to the old issue and we will look into it. Useful Resources |
Environment
System:
OS: Windows 11 10.0.22631
CPU: (24) x64 12th Gen Intel(R) Core(TM) i9-12900KS
Memory: 16.97 GB / 31.79 GB
Binaries:
Node: 20.13.1 - C:\Program Files\nodejs\node.EXE
npm: 9.6.2 - C:\Program Files\nodejs\npm.CMD
Browsers:
Edge: Chromium (126.0.2592.87)
Internet Explorer: 11.0.22621.3527
npmPackages:
next: 14.1.0 => 14.1.0
next-auth: ^5.0.0-beta.19 => 5.0.0-beta.19
react: ^18 => 18.2.0
Reproduction URL
No repro url.
Describe the issue
Scenario:
https://authjs.dev/reference/core/errors#missingcsrf
User logs in.
Soon after login a component mounts that takes data from the session to navigate away use this session data as a param
Part of this process includes the Update() function.
The initial login would throw this error on server side.
And on client side.
Subsequent navigations / signout / signins seem okay so it seems to be some kind of race condition maybe?
Adding a hardcoded timeout in the client component seems to support this. Has anyone else encountered this?
Is there any way I can wait or pass/access this cookie earlier?
How to reproduce
No steps to reproduce.
Expected behavior
Expect update to be able to run after login.
The text was updated successfully, but these errors were encountered: