Invalid CSRF token using flag.link_builder service

Created on 22 May 2020, over 4 years ago
Updated 8 January 2024, 12 months ago

I have a REST route that returns a list of user accounts. I have a flag setup called 'following' as you can follow and unfollow other members. In my REST route, I use:

$flag_link = \Drupal::service('flag.link_builder')->build('user', $member->id(), 'following');

which generates the link correctly as far as I can tell. In my javascript object I can see the link that was created. This is an example of the JS object of a user that I use on the front end:

0:
  flag_link:
    #access: true
    #action: "flag"
    #attached: {placeholders: {…}, library: Array(1)}
    #attributes: {title: "", href: "/flag/flag/following/3?destination&token=FS3qUJ8qDXd5aIqcn1lM459kYsfNuC5b_iePn_E1V5g", class: Array(1)}
    #cache: {contexts: Array(1), tags: Array(0), max-age: -1}
    #flag: {id: "following", label: "Following"}
    #flaggable: {}
    #theme: "flag"
    #title: {#markup: "Follow this person"}
  id: "3"
  name: "ronnie"
  url: "/user/3"

When I go to click the link it 403 forbiddens with the message message: "'csrf_token' URL query argument is invalid."

Any idea what I am doing wrong?

🐛 Bug report
Status

Needs review

Version

4.0

Component

Flag core

Created by

🇺🇸United States rondog469

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024