sheharyaar commented on issue #9373: URL: https://github.com/apache/apisix/issues/9373#issuecomment-1851680374
@thor533 , i tested with the same image `apisix 2.15-alpine`, for me even with the default name, the second request gives "csrf token mismatch". This is because for every request, a new token is generated and sent via `Set-Cookie` header. Hence for every request you must read the token from the cookie. Since you are using the same `test` cookie, it blocks your request. The docs mention that clearly : https://apisix.apache.org/docs/apisix/plugins/csrf/#enable-plugin  Moreover, in the image you attached, the Cookie set by postman is different from the `test` value :  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
