I've noticed that when the JS component makes calls to authorise (/api/v1/authn) it's got an empty header in the request called 'X-Okta-XsrfToken'.
Should that be set or is it defunct?
It's a bug - X-Okta-XsrfToken isn't needed in the /authn requests. I've filed this issue for the team to fix: https://github.com/okta/okta-signin-widget/issues/359