How to deal with the Anti-forgery cookie in Bubble.
I am facing the problem in which I am unable to upload a file. This file upload process needs a POST method to be run and then generate the output in JSON form. However, this POST method needs cookie and CSRF token in the Header of the method. I am getting these token and cookie from 2 other API’s, which are ‘login’ and ‘generate token’. I am getting this error while I am trying to upload a file from Bubble’s API connector. See the error.
I strongly believe that API’s AspNet anti-forgery token is preventing cookie re-creation (in other words prevents hijacking);
I believe, Bubble should have a way to deal with anti-forgery tokens and passing session/cookie in the more elegant way.
Did anybody have this kind of issue earlier?
The error said at the end: ‘meant for a different user than the current user’. Maybe is the clue? I only guess here as you have not receiving any answer yet… 
1 Like
Thanks for commenting @JohnMark, I have tested the same methods in Postman as well. Things are working fine there. Only in Bubble that kind of error, I am facing. This is weird.
Also when I am logging in the user, passing the same username and password which I’m providing in the Postman.
When I got some weird stuff, I usually test on a different OS, different computer and different network, just to be sure. Often 
isn’t Bubble, but another conflict. After that, I send a bug report if it’s not solved with a working bug.
1 Like
Try explicitly setting the content-type. If that doesn’t work you might consider posting your api connector settings so people can take a look.
haha, seems like I also need to send a bug report.
Because I have done all the experiments which were supposed to be done like different OS and computer.
I have some weird outputs while I am getting the responses. When I generate the Token in Postman, it gives me the Token in 199 lengths of characters and when I generate the Token in the Bubble, it generates the Token in 156 lengths of characters.
Also when I am using the Token, generating from the Postman and uses it in the Bubble method, it works. But the Token of 156 lengths of characters doesn’t.
I am clueless now. 
