CSRFTokenError in Production with Frappe UI Starter (Frontend App)

Hello,

I’ve built a frontend app using Frappe UI Starter (Vue + Vite) that connects with our Frappe backend.

In development, I was able to bypass CSRF errors by adding this in site_config.json:

"ignore_csrf": 1

But in production, I am still getting the following error even though CSRF should be handled automatically:

{
    "exc_type": "CSRFTokenError",
    "_server_messages": "[\"{\\\"message\\\": \\\"Invalid Request\\\", \\\"title\\\": \\\"Message\\\", \\\"indicator\\\": \\\"red\\\", \\\"raise_exception\\\": 1, \\\"__frappe_exc_id\\\": \\\"e5d1eb1a7693bc1f761a259b6669512665d45aeb67710d0c9a1d2275\\\"}\"]"
}

:point_right: However, CSRF protection isn’t working in our production environment. Normally, it should be handled automatically. Is there anything additional we need to configure for production?