I want pages to be available for offline usage through a Service Worker, so that the application can be installed as a PWA.
The problem is that I have forms on those pages using CSRF tokens, and those tokens (I guess) expire at some point. When trying to submit a form with a CSRF token on a page that was stored in the cache a few days ago, I get the following error:
invalid CSRF (Cross Site Request Forgery) token, make sure all requests include a valid ‘_csrf_token’ param or ‘x-csrf-token’ header
I’m coming to the conclusion that I can’t store those pages offline; but even my homepage has a form… almost all pages of this app have a form.
So I’d rather have to disable the plug altogether; but then I’m not sure what security risks I would expose my app to. Or maybe I have to disable only the date expiration part of the plug; is that even possible, though?
What is my best option? Any ideas are welcome.