Looked through the phoenix documentation and I couldn’t find any information on how to deal with invalid CSRF token using :protect_from_forgery.
Currently I have a typeform webhook that makes a POST request to my API whenever someone completes my form.
In my router.ex file I have this:
if Mix.env() in [:dev, :test] do import Phoenix.LiveDashboard.Router scope "/" do pipe_through [:fetch_session, :protect_from_forgery] post "/", ApiWeb.PageController, :index live_dashboard "/dashboard", metrics: ApiWeb.Telemetry end end
When I tested my webhook, my API returned a 403 error saying invalid CSRF token.
When I removed :protect_from_forgery, my API returns a 201.
What I’m trying to do is include :protect_from_forgery and still return a 201 from the typeform webhook call. What am I supposed to do?