Fund: Bug: Mandatory CSRF header hard to fill in javascript

Bug: Mandatory CSRF header hard to fill in javascript

Description

Hi today, CSRF request client to both send the cookie and a header however I have trouble to send the header since the cookie is a httpOnly one that I can't access in my javascript app. I don't understand why we need both, why is it mandatory, and if it is, how should I process to retrieve the cookie value to feed the header ?

Steps to reproduce

1. Run `document.cookie` when there is a CSRF token in a web browser
2. Find out we can't retrieve it, so we can't feed the CSRF header

Litestar Version

2.12.1

Platform

Linux
Mac
Windows
Other (Please specify in the description above)

Litestar/litestar

Bug: Mandatory CSRF header hard to fill in javascript

Description

Steps to reproduce

Litestar Version

Platform

How does funding with Polar work?

Backer

Contributor

Maintainer

Litestar/litestar

Bug: Mandatory CSRF header hard to fill in javascript

Description

Steps to reproduce

Litestar Version

Platform

How does funding with Polar work?

Backer

Why does "Fund on completion" require GitHub login?

When is the invoice due for "Fund on completion"?

What happens if the issue is never completed?

Do I get any extra benefits by funding?

Do I get progress updates?

Contributor

Do I get a reward?

Is rewards guaranteed?

Maintainer

How can I get funding like this for my open source initiatives?