Forbidden (CSRF token from the 'X-Csrftoken' HTTP header has incorrect length.): /two_factor/verification/

[pulse-mind]

Hi

Thank you for your job.

It was working perfectly on my dev environment but not on production.
I think the difference is that I am using everything very secure:

SESSION_COOKIE_SECURE="True"
SESSION_COOKIE_HTTPONLY="True"
CSRF_COOKIE_HTTPONLY="True"
SECURE_BROWSER_XSS_FILTER="True"
DJANGO_SECURE_SSL_REDIRECT="True"
X_FRAME_OPTIONS="DENY"

In the log I get
Forbidden (CSRF token from the 'X-Csrftoken' HTTP header has incorrect length.): /two_factor/verification/

When I inspect the request in the browser on the PUT request, in the request header I have :
x-csrftoken: undefined

I am not sure but may be this is a way : https://docs.djangoproject.com/fr/4.0/ref/csrf/#setting-the-token-on-the-ajax-request

Also you may add in the documentation to allow PUT request on the webserver for this URL /two_factor/verification/ .

[imankarimi]

@pulse-mind Thanks for your issue. sure I will check this out, and I let you know when it's finished. ;)

[pulse-mind]

Hi @imankarimi did you find enough time to look at my request ?