Hello,
I’ve built a frontend app using Frappe UI Starter (Vue + Vite) that connects with our Frappe backend.
In development, I was able to bypass CSRF errors by adding this in site_config.json
:
"ignore_csrf": 1
But in production, I am still getting the following error even though CSRF should be handled automatically:
{
"exc_type": "CSRFTokenError",
"_server_messages": "[\"{\\\"message\\\": \\\"Invalid Request\\\", \\\"title\\\": \\\"Message\\\", \\\"indicator\\\": \\\"red\\\", \\\"raise_exception\\\": 1, \\\"__frappe_exc_id\\\": \\\"e5d1eb1a7693bc1f761a259b6669512665d45aeb67710d0c9a1d2275\\\"}\"]"
}
However, CSRF protection isn’t working in our production environment. Normally, it should be handled automatically. Is there anything additional we need to configure for production?