Recently I wrote a Dockerfile to build and run our Phoenix app in a container in production mode.
When running it locally, everything seemed to work, but when I tried to submit a form, I got a CSRF token error.
My colleague Scott Hamilton figured out that the problem was this bit of configuration for the session: `secure: Mix.env() == :prod`. I wasn’t running HTTPS locally, but my containerized Phoenix app was configured not to accept cookies in that case.
The solution was to set that `secure:` configuration at runtime based on an environment variable, so that I could waive that requirement when running “production” in a local container. (Another option would be to actually run HTTPS locally.)
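One way to wire up the runtime setting described above, as an added example and not the code from the app in this post. The names `:my_app`, `MyAppWeb`, the `SESSION_COOKIE_SECURE` variable, and the cookie key and salt are assumptions; the flag defaults to secure and is relaxed only by an explicit opt-out.

```elixir
# --- config/runtime.exs (evaluated at boot, so the container's environment decides) ---
import Config

# Assumed variable name. Anything other than an explicit "false" keeps Secure on,
# so a missing or mistyped value fails closed.
secure_cookie? = System.get_env("SESSION_COOKIE_SECURE", "true") != "false"

config :my_app, :session_cookie_secure, secure_cookie?

# --- lib/my_app_web/endpoint.ex ---
defmodule MyAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :my_app

  # Everything except :secure stays a compile-time constant.
  @session_options [
    store: :cookie,
    key: "_my_app_key",         # placeholder
    signing_salt: "CHANGE_ME",  # placeholder
    same_site: "Lax"
  ]

  # (other endpoint plugs omitted)

  # `plug Plug.Session, opts` would fix the options when the release is compiled,
  # which is how `Mix.env() == :prod` got baked in. A function plug builds the
  # options per request from the runtime configuration instead.
  plug :session
  plug MyAppWeb.Router

  defp session(conn, _opts) do
    secure? = Application.fetch_env!(:my_app, :session_cookie_secure)
    opts = Plug.Session.init(Keyword.put(@session_options, :secure, secure?))
    Plug.Session.call(conn, opts)
  end
end
```

Set `SESSION_COOKIE_SECURE=false` only on the local container; leaving it unset in real deployments keeps the `Secure` attribute on the session cookie.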
Just wanted to leave a note about this in case anybody else runs into the problem.