Cross-site POST form submissions are forbidden [bug] same site
Anonymous
TRIALOP

2 years ago

13 Replies

Anonymous
TRIALOP

2 years ago

ae09b251-66fd-498b-8797-816b32b39aea


2 years ago

what kind of frontend site is this? what's the tech stack?


Anonymous
TRIALOP

2 years ago

Sveltekit. The error is coming from railway proxy I think though. I don't see the error in my logs


2 years ago

can you send a link to where i could reproduce this error?


Anonymous
TRIALOP

2 years ago

Visit the url I included and try to login with any username password doesn't matter


2 years ago

on railway your app sits behind a proxy so i think the Sveltekit server is not reading the host correctly and thus is thinking you are doing a post request from a different domain, or something along those lines.

look into getting Sveltekit to trust the proxy headers.


Anonymous
TRIALOP

2 years ago

K thx


Anonymous
TRIALOP

2 years ago

yeah it was on my end, working now


2 years ago

awesome, would you mind sharing the config change needed?


Anonymous
TRIALOP

2 years ago

disabled csrf in svelte.config.js:

    kit: {
        // adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
        // If your environment is not supported or you settled on a specific environment, switch out the adapter.
        // See https://kit.svelte.dev/docs/adapters for more information about adapters.
        adapter: adapter(),
        csrf: {
            checkOrigin: false
        }
    }

I'm not using it anyway but probably not the best. there are env variables you can set at https://kit.svelte.dev/docs/adapter-node#environment-variables but I didn't go that route


2 years ago

alright, thank you!


Anonymous
TRIAL

2 years ago

Is it safe to not check origin?


2 years ago

that's entirely up to you
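
Added example, not part of the thread and not SvelteKit's or adapter-node's own code: a simplified model of the origin check discussed above, comparing the default behind a proxy, the adapter-node environment variables from the linked docs page, and `checkOrigin: false`. The host names, the header values and the assumption that the proxy forwards to an internal host name are constructed for illustration.

```javascript
// Simplified model for illustration; not SvelteKit or adapter-node source.
const FORM_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];
const UNSAFE_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];

// Origin the server believes it is serving (ORIGIN, PROTOCOL_HEADER and
// HOST_HEADER are the adapter-node variables from the linked docs page).
function serverOrigin(env, headers) {
  if (env.ORIGIN) return env.ORIGIN;
  const protoHeader = (env.PROTOCOL_HEADER || '').toLowerCase();
  const hostHeader = (env.HOST_HEADER || 'host').toLowerCase();
  const protocol = (protoHeader && headers[protoHeader]) || 'https';
  return `${protocol}://${headers[hostHeader]}`;
}

// True when a form submission would be refused as cross-site.
function isRejected(req, env, checkOrigin = true) {
  if (!checkOrigin) return false; // csrf.checkOrigin: false skips the check
  const type = (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  return FORM_TYPES.includes(type) && UNSAFE_METHODS.includes(req.method) &&
    req.headers.origin !== serverOrigin(env, req.headers);
}

// Constructed requests: the proxy forwards to an internal host name.
function makeRequest(origin) {
  return { method: 'POST', headers: {
    'content-type': 'application/x-www-form-urlencoded',
    origin,
    host: 'internal:3000',
    'x-forwarded-proto': 'https',
    'x-forwarded-host': 'app.example.com',
  } };
}
const sameSite = makeRequest('https://app.example.com');
const crossSite = makeRequest('https://other.example');

// Each entry is [sameSite rejected?, crossSite rejected?] for one configuration.
function compareConfigs() {
  const fwd = { PROTOCOL_HEADER: 'x-forwarded-proto', HOST_HEADER: 'x-forwarded-host' };
  const pinned = { ORIGIN: 'https://app.example.com' };
  return {
    defaultBehindProxy: [isRejected(sameSite, {}), isRejected(crossSite, {})],
    forwardedHeaders: [isRejected(sameSite, fwd), isRejected(crossSite, fwd)],
    pinnedOrigin: [isRejected(sameSite, pinned), isRejected(crossSite, pinned)],
    checkDisabled: [isRejected(sameSite, {}, false), isRejected(crossSite, {}, false)],
  };
}
console.log(compareConfigs());
```

In this model, setting the origin correctly keeps the same-site login working while the cross-site form is still refused; turning the check off accepts both. The forwarded-header variables are only meaningful when the proxy in front of the app sets those headers itself.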

