I have come across several solutions in the forum, but I’m unsure if they can help me with the issue of making the first POST request when there is no active session in Frappe, and therefore, no CSRF token.
I am using an external frontend to create my web app with Vue and Frappe-UI. During development, everything works perfectly, and it connects seamlessly to the Frappe backend. I can even log in and log out without needing to use the backend’s view.
The problem arises when I move to production because enabling the CSRF token is recommended. At that point, my app starts to fail. To obtain the CSRF token, I need to have an active session. However, I want to be able to log in from my web app without having an active session, which prevents me from sending a POST request.
I am currently using Frappe’s own login method in my web app. However, the requirement of the CSRF token makes it impossible for me to use the login functionality of my web app when there is no active session.
Important details to consider are that both the frontend and backend are served on the same domain, specifically “127.0.0.1”. The Frappe bench is in production mode, and the frontend is located in a folder next to the backend. The production build is generated inside the backend’s “public/frontend” folder, and im using the latest frappe version.
To begin with, I am unsure if it is even possible to have an external login when facing the CSRF token problem.
Thanks for your time!!