Looked through the phoenix documentation and I couldn’t find any information on how to deal with invalid CSRF token using :protect_from_forgery.
Currently I have a typeform webhook that makes a POST request to my API whenever someone completes my form.
In my router.ex file I have this:
if Mix.env() in [:dev, :test] do
import Phoenix.LiveDashboard.Router
scope "/" do
pipe_through [:fetch_session, :protect_from_forgery]
post "/", ApiWeb.PageController, :index
live_dashboard "/dashboard", metrics: ApiWeb.Telemetry
end
end
When I tested my webhook, my API returned a 403 error saying invalid CSRF token.
When I removed :protect_from_forgery, my API returns a 201.
What I’m trying to do is include :protect_from_forgery and still return a 201 from the typeform webhook call. What am I supposed to do?