No connection to socket without CSRF Token

I am trying to send curl requests to my phoenix app but I am having trouble with the CSRF tokens.

I am happy to just remove this protection (this is a small test app and security isn’t an issue) but when I remove plug :protect_from_forgery from the router.ex then the app keeps giving errors:
[debug] LiveView session was misconfigured or the user token is outdated.

If I remove <%= csrf_meta_tag() %> from the root.html.ex page then I don’t get any more errors but the socket doesn’t connect.

Is there a way to get the live view socket to connect without having plug :protect_from_forgery present?
Or is there an easy way to get curl request to work with csrf tokens?

Thanks

Yes. You need to get rid of everything regarding sessions. See here for an example:

Whether this is ok security wise is up to you. For most applications, it may be easier to have duplicated routes for api access:

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  pipeline :api do
    plug :accepts, ["html", "json"]
  end

Thanks but that just gives a new error:
** (ArgumentError) cannot fetch session without a configured session plug

Like I said before:

You need to get rid of everything regarding sessions.

Sorry I understand now. I have set up a duplicate route for api access.

Thank you