We’ve recently upgraded from an old version of CakePHP (3.10) to CakePHP (4.3).
Since then, using the CSRF functionality causes the ‘[Cake\Http\Exception\InvalidCsrfTokenException] Missing or incorrect CSRF cookie type.’ error.
In the Application.php part of the core we’ve added:

```php
public function middleware($middlewareQueue): \Cake\Http\MiddlewareQueue
{
    $middlewareQueue
        // Catch any exceptions in the lower layers,
        // and make an error page/response
        ->add(new ErrorHandlerMiddleware(Configure::read('Error')))

        // Handle plugin/theme assets like CakePHP normally does.
        ->add(new AssetMiddleware([
            'cacheTime' => Configure::read('Asset.cacheTime'),
        ]))

        // Add routing middleware.
        // Routes collection cache enabled by default, to disable route caching
        // pass null as cacheConfig, example: `new RoutingMiddleware($this)`
        // you might want to disable this cache in case your routing is extremely simple
        ->add(new RoutingMiddleware($this, '_cake_routes_'))

        // Parse various types of encoded request bodies so that they are
        // available as array through $request->getData()
        // https://book.cakephp.org/4/en/controllers/middleware.html#body-parser-middleware
        ->add(new BodyParserMiddleware())

        // Cross Site Request Forgery (CSRF) Protection Middleware
        // https://book.cakephp.org/4/en/security/csrf.html#cross-site-request-forgery-csrf-middleware
        ->add(new CsrfProtectionMiddleware([
            'httponly' => false,
        ]));

    return $middlewareQueue;
}
```
I did some digging, and cleaning the cookies works (client side), but most of the traffic we get is webhooks from different clients. Is there a way to reset the cookies so that these webhooks can come through without generating the error?
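
An added example, not part of the original post: webhook senders never hold the CSRF cookie, so the token check can be skipped for those routes only, using the middleware's `skipCheckCallback()`, while every other route stays protected. The `/webhooks/` path prefix and the `buildCsrfMiddleware()` helper are assumptions made for illustration.

```php
<?php
// Added example for src/Application.php on CakePHP 4.x (not the poster's code).
use Cake\Http\Middleware\CsrfProtectionMiddleware;
use Psr\Http\Message\ServerRequestInterface;

// Assumption: all webhook endpoints are routed under this (hypothetical) prefix.
const WEBHOOK_PATH_PREFIX = '/webhooks/';

/**
 * Build the CSRF middleware with a narrow exemption for webhook routes.
 * Hypothetical helper; the same calls can be inlined in Application::middleware().
 */
function buildCsrfMiddleware(): CsrfProtectionMiddleware
{
    // Same option the post passes to the middleware.
    $csrf = new CsrfProtectionMiddleware([
        'httponly' => false,
    ]);

    // When the callback returns true, the cookie/token comparison is skipped
    // for that request. Everything else is still checked as before.
    $csrf->skipCheckCallback(function (ServerRequestInterface $request): bool {
        $path = $request->getUri()->getPath();

        // Exact prefix match, so a path such as /webhooks-admin/ is NOT exempted.
        return strncmp($path, WEBHOOK_PATH_PREFIX, strlen(WEBHOOK_PATH_PREFIX)) === 0;
    });

    return $csrf;
}

// Usage inside Application::middleware(), replacing the plain
// `new CsrfProtectionMiddleware([...])` call:
//
//     ->add(buildCsrfMiddleware());
```

Requests under the exempted prefix are no longer CSRF-checked, so those actions should authenticate the sender by something other than the browser session cookie, for example a shared secret or signature supplied by the webhook provider.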