Contrib.social

Deepchat bot doesn't work for anonymous user

Open on Drupal.org →
Created on 5 February 2025, 17 days ago

Problem/Motivation

My goal is for the anonymous user to access and use the chatbot. Currently there's an whenever the anonymous user sends a message in the Deepchat-block:

Path: /api/deepchat?token=xxx. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: 'csrf_token' URL query argument is invalid. in Drupal\Core\Routing\AccessAwareRouter->checkAccess() (line 118 of /var/www/html/web/core/lib/Drupal/Core/Routing/AccessAwareRouter.php).

This can be 'fixed' by removing the requirement for `_csrf_token` in the route (see patch), but probably that's not ideal.

🐛 Bug report
Status

Active

Version

1.1

Component

Other Submodules

Created by

🇩🇪Germany dotist

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @dotist
  • Comment 17 days ago
    🇩🇪Germany dotist
  • Comment 17 days ago
    🇩🇪Germany marcus_johansson

    The CSRF token must stay for security reasons, this sounds like a caching issue or that a session perhaps needs to start. We have it working for anonymous users on other websites.

    Could you answer if you have bigpipe installed and what caching/cdn modules you might have installed, so we can try to replicate this.

  • Comment 17 days ago
    🇩🇪Germany dotist

    Thanks for your quick response! Indeed, after removing the CSRF token, loading the bot and then re-adding the token, the bot still works. So it's something to do with caching or timing.

    The problem is in a local DDEV container using:
    * Internal Dynamic Page Cache
    * Internal Page Cache

  • Comment 5 days ago
    🇮🇳India anjaliprasannan

    @dotist @marcus_johansson We have the chatbot working for anonymous user. I tried without the patch and its working for both authorized and anonymous user.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024