Hi everyone! I have a question about the CSRF Token. On my local machine i get this error:

The CSRF token is invalid. Please try to resubmit the form.

(In all forms login, register, add to cart …) The point is, that this is working for my colleagues on their machine and local env and also on production and staging just not on my machine. Any ideas? Do i need to change anything in the configuration? Thanks!

Does also Production not work on your local machine or is it just your local environment? If there are no differences between yours and your colleagues codebase, it also could be an interruption in the browser (e.g. by an extension) Could you verify if there is a corresponding hidden input element in the DOM present for the CSRF token? E.g.

<input id="loginForm__token" name="loginForm[_token]" class="input input--expand" type="hidden" placeholder="" value="ec5cc50dc5ba61ab58f4.E-CUH5uxUCQibLjEi4ydYyKQMbG-oyZmWlvN36n1H_Y.Ktn5fqzHBRx6IdKT-8L-NUTaY4HGm35UCmurpfnHbY9ljtVz68sdQHczjA">

You can also check if you are not overwriting block

form_end

from

vendor/symfony/twig-bridge/Resources/views/Form/form_div_layout.html.twig

, since

{{ form_rest(form) }}

adds the CSRF Token add the form end

Maybe Spryker can't set Cookies. Please check the Response Headers and make sure the cookie domain is configured to the one matching your environment. In Chrome you'll see ⚠️ next to set-cookie if there's something wrong. Config key probably would be something like

\Spryker\Shared\Session\SessionConstants::YVES_SESSION_COOKIE_DOMAIN