Group Group Group Group Group Group Group Group Group

Chapter 20 - CSRF Token


Is anyone else having a problem with the csrfToken when trying to edit an acronym?

I’ve followed the Session section of the book in Chapter 20 and when it comes to testing I can create an acronym successfully, but when I try to edit the acronym I receive the following error:

{“error”:true,“reason”:“Value of type ‘String’ required for key ‘csrfToken’.”}

I printed the token so the output looks like this:

Server starting on http://localhost:8080
This is the token in createAcronymHandler: CRrYZWVonbPorleaP0cuKw==

The following two print statements were also from createAcronymPostHandler…

data.csrfToken: CRrYZWVonbPorleaP0cuKw==
Expected token: Optional(“CRrYZWVonbPorleaP0cuKw==”)
**[ ERROR ] DecodingError.typeMismatch: Value of type ‘String’ required for key ‘csrfToken’.

Can anyone help me get this sorted?

Many thanks. :slight_smile:

@0xtim Can you please help with this when you get a chance? Thank you - much appreciated! :]


The decoding error means it can’t find a value for csrfToken. Take a look at your edit handlers (editAcronymHandler and editAcronymPostHandler) to make sure they are dealing with the token in the same way that the create handlers did. Also, look at the EditAcronymContext.

Good luck!

@andy4202 are you passing the CSRF token to the form so it’s sent in the POST request?

I know, I’m late with this question, but I just completed the same chapter. And I think the book doesn’t mention that “WebsiteController.swift” has to import Crypto to generate the CSRF-Token, am I right?
If you don’t import it, it doesn’t generate a token for you and csrfToken is a empty string and Leaf handles it as “not set”. And when it’s not set, it doesn’t send one at the Post Request.

I think it is not really the problem of the thread starter (as the Token gets generated according to his console output) but it might occur at some future reader.