Hi, we’re getting this error logging in as an artist:

Forbidden - CSRF token invalid

We have a new upload ready to go, we thought initially it might be wordpress issues. We tried as well in incognito mode, still the same response, so unlikely it’s cookie/browser based.

Thoughts? Help? Words of Wisdom? Coffee coupons?

Thank you!

Hey @crunchfactory, thanks for the bug report! Could you link where you're seeing the CSRF token invalid error?

Uhhh, easier to deal with github for sure; as stated in the forum, here's the deal, when I’m not an international man of mystery, I’m a java developer from wayyy back, I’ve tried multiple browsers, including incognito, etc… same response. could it be account based? Wordpress… ugh. I’m not seeing any UI errors in the console either… nada.

Sorry can’t be of more assistance. 99.99999% of the time this kind of thing is a cache/cookie issue.

Ah weird that it's happening in incognito too. @auggod do you have any ideas?

So, I McGoogled, I figured stack would have something, seems to reside around the rest api call:

https://stackoverflow.com/questions/42439795/csrf-403-forbidden-invalid-csrf-token

https://www.adoclib.com/blog/invalid-csrf-token-when-resetting-password.html

@crunchfactory could you try logging in starting here: https://stream.resonate.coop/discover

And then if that doesn't work, also clearing the cookies on stream.resonate.coop as well?

I'll DM you on the forum to get your email address

Hiya! "Forbidden - CSRF token invalid" on both, I did them both from an incognito window.

I wonder what would happen if I let the system reset my credentials?

@crunchfactory worth trying!

Ok, so I did the whole 'reset my pw' dealy-o.

https://id.resonate.coop/profile?login_redirect_uri=%2Fweb%2Fpassword-reset&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImluZm9AamVmZm1pY2hhZWxzLmNvbSIsInJlZmVyZW5jZSI6Ijc4MTI0ZWY5LTg3ZWUtNDY3My05MDg3LWUzOTI3YzA2NWIxYSIsImV4cCI6MTY2MjAzOTI4OX0.OXT0aG_jZbSf--Ys-m28fq9GnaI0oEkZeawBP6ERCwk

It brought me to this page, with no content whatsoever, just headers and footers:

Ok, so this 100% seems to be an issue with my account in particular.

After fully resetting everything, "Forbidden - CSRF token invalid"

Can you guys DM me on the forum, I can send you my credentials and you can debug locally to see where it's falling apart? If that's not possible, open up SQL Developer and take a look at the table with my account in it to see what's different?

Can you guys DM me on the forum

Already did!

I am having exactly the same problem after signing up as an artist, even if I log in from a different browser which has not visited resonate.coop before. If I press "Finish login" I get the "Forbidden - CSRF token invalid" error, If I go to "Profiel" I get the blank page. Please let me know, if you need further details.

There's been another report of the same https://community.resonate.coop/t/error-when-logging-in-as-artist-forbidden-csrf-token-invalid/3233/7?u=psi

I'm having the exact same issue, new artist account

I have deleted cookies as recommended in the forum. The "Forbidden - CSRF token invalid" error is gone, but the "Profile" page is still empty. If I go to "Update your account" -> "Update" -> "Checkout" I get the following JSON error

{"code":"parameter_invalid_empty","doc_url":"https://stripe.com/docs/error-codes/parameter-invalid-empty","status":400,"message":"You passed an empty string for 'line_items'. We assume empty values are an attempt to unset a parameter; however 'line_items' cannot be unset. You should remove 'line_items' from your request or supply a non-empty value.","param":"line_items","request_id":"req_7dS8Kr3TcUoMIq","type":"invalid_request_error"}

#31 Is a potential fix for this issue.