CSRF verification failed. Request aborted

Hi all!
When trying to recover a lost password, in some cases we get this message: (on koa master)

image

It is correct: the browser had cookies disabled and, after allowing cookies for all sites, the message disappeared and the form worked well.

However, for non-skilled users, this can be annoying. I’ve seen some browsers disabling cookies by default after installation.
Is it possible to remove this requirement somehow?


@andres, disabling CSRF verification does not sound like a good idea, as it protects users against Cross Site Request Forgeries. A nice way of handling this could be creating a custom view for the CSRF failure with links to different browsers so that users would be informed how they can enable the cookies in their environment. However, this is currently not implemented in Open edX. If you would like some help with developing this feature, please reach out to us at Open edX Platform Support & Help | OpenCraft.
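
Added example, not part of the original posts and not Open edX code: a sketch of the custom failure view suggested above, using Django's `CSRF_FAILURE_VIEW` setting (Open edX is built on Django). The module path `myapp.views`, the help URLs, and the "no cookies at all" heuristic are assumptions for illustration.

```python
"""Custom CSRF failure page (added example; module path and help URLs are assumptions)."""
from html import escape

# Reason text Django's CsrfViewMiddleware passes when the csrftoken cookie is absent
# (django.middleware.csrf.REASON_NO_CSRF_COOKIE).
REASON_NO_CSRF_COOKIE = "CSRF cookie not set."

# Hypothetical help links; replace with pages your support team maintains.
COOKIE_HELP = {
    "Firefox": "https://help.example.org/cookies/firefox",
    "Chrome": "https://help.example.org/cookies/chrome",
    "Safari": "https://help.example.org/cookies/safari",
}


def cookies_look_disabled(reason, cookies):
    """Heuristic: the CSRF cookie is missing and the browser sent no cookies at all."""
    return reason == REASON_NO_CSRF_COOKIE and not cookies


def render_failure_page(reason, cookies):
    """Build the 403 body. CSRF validation itself is untouched; only the message changes."""
    if cookies_look_disabled(reason, cookies):
        links = "".join(
            f'<li><a href="{escape(url, quote=True)}">{escape(name)}</a></li>'
            for name, url in COOKIE_HELP.items()
        )
        return (
            "<h1>Cookies appear to be disabled</h1>"
            "<p>This form needs cookies to protect your account. "
            "Enable them, then reload the page and try again:</p>"
            f"<ul>{links}</ul>"
        )
    # Any other failure (bad token, bad Referer, ...) gets a generic message.
    return (
        "<h1>Request could not be verified</h1>"
        "<p>Reload the page and submit the form again.</p>"
    )


def csrf_failure(request, reason=""):
    """Django view; enable with CSRF_FAILURE_VIEW = "myapp.views.csrf_failure"."""
    from django.http import HttpResponseForbidden  # imported here so the helpers run without Django
    return HttpResponseForbidden(render_failure_page(reason, request.COOKIES))
```

The request is still rejected with a 403, so the protection stays in place; the view only replaces the default error text with guidance the user can act on.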