CSRF-Enabled API Calls Stuck in Pending State

Wappler Version: 6.7
Operating System: Windows 11
Server Model: NodeJS 20
Database Type: Postgres
Hosting Type: Docker

Expected behavior

API calls with CSRF enabled should be processed correctly without getting stuck in the pending state.

Actual behavior

API calls with CSRF enabled are stuck in the pending state as observed in the network tab.

How to reproduce
Follow the global setup for CSRF and meta tags for CSRF as mentioned in this article (Using CSRF Tokens).
Make API calls that utilize CSRF, ex: POST
Observe that all API calls with CSRF are stuck in the pending state in the network tab.

Additional Information

  • This issue was identified after the update to version 6.7 and applying the latest changes.
  • The problem seems to be caused by changes in the lib/setup/routes.js file.

Looks like the changes made to the lib/setup/routes.js file in the latest updates are causing the API calls to fail.

Unrelated but the only time i have experienced pending states was related to redis.
Are you using it?

Hi @Hyperbytes,

I had already checked that; it was my first guess. However, after reverting the latest changes made to /lib/setup/routes.js, CSRF seems to work fine, i.e., 403 on CSRF failure and correct responses on valid CSRF.

1 Like

Could you give me the working routes.js file? Thank you :slight_smile:

Hi @Apple,
Sure,
routes_fixed.zip (2.6 KB)

@patrick Issue is the missing next() call in the updated file.

3 Likes

I'm having the same issue on multiple domains, any form related activity is timing out with no console errors. I've disabled CSRF (which solves the issue) until we have a remedy.

Thanks, that probably got removed accidentally with the rate limiter implementation. Will be fixed with the next update.

3 Likes

I thought "inline updates" were supposed to move fixes like these faster. Instead, people have to wait for a Wappler update?

1 Like

This has been fixed in an inline update indeed :slight_smile:

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.