This topic will walk you through how to handle an invalid CSRF token error message.
This topic is specific to the New Clickwrap Experience. If you are using the Classic Clickwrap Experience, refer to the Classic Clickwrap Experience documentation.
“Uh oh! Your browser is blocking CSRF tokens!”
If you see this error message while using your Clickwrap account, you can easily fix it based on the browser that you use.
What are CSRF tokens? They are not related to the tokens you can include in your contracts. CSRF stands for "Cross-Site Request Forgery" and is a type of exploit where someone can intercept calls your browser is making and change them without your knowledge. That's where CSRF tokens serve their purpose. Normally, your browser gets a valid _csrf secure cookie when you navigate to the site, and we use it to make sure that every single call to Ironclad is coming from you.
The “Uh oh! Your browser is blocking CSRF tokens!” message means that we couldn't verify the token stored in your browser. This is most likely caused by an advertisement or script-blocking plugin you may have installed. It can also happen if your browser is configured to prevent cookies from being sent and accessed.
If disabling your plugins did not solve the issue, here are some steps to update your browser's cookie settings.
Handle an Invalid CSRF Token Error Message in Chrome
- In Chrome, click the three stacked dots located in the top right corner, and then click Settings.
- Scroll to the bottom and click Advanced.
- In the Privacy and Security section, click the Content Settings button.
- Click Cookies.
- Next to Allow, click Add.
- Type [*.]pactsafe.com and click Add.
- Then type [*.]pactsafe.io and click Add.
- Under All cookies and site data, search for "pactsafe", and then delete all PactSafe-related entries.
- Reload Chrome and log into PactSafe.
Handle an Invalid CSRF Token Error Message in Firefox
- Go to Firefox's Preferences > Privacy & Security.
- In the History section, select Use custom settings for history from the dropdown menu.
- Click Exceptions and whitelist https://app.pactsafe.com and https://pactsafe.io.
- Scroll down to Site Data and click Settings.
- Search for "pactsafe" and remove all shown entries.
- Reload Firefox and log into PactSafe.
- If this alone doesn't help, try enabling third-party cookies in the Use custom settings for history menu, mentioned in step 2.
Handle an Invalid CSRF Token Error Message in Safari
- Open Safari Preferences from the dropdown menu in the navigation bar, or press Cmd (⌘) + , (comma).
- Click the Privacy tab and make sure that "Cookies and website data" is set to either Always allow or Allow from websites I visit.
- Click the Manage Website Data button to see all locally stored website data.
- Search for “pactsafe” and remove all PactSafe-related entries.
- Reload Safari and log into PactSafe.
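For readers who maintain their own web application, the kind of server-side check that leads to this error can be sketched as follows; this is an added example, not Ironclad's code. It assumes a signed double-submit scheme: only the _csrf cookie name comes from this page, while the x-csrf-token header, the session binding and all function names are hypothetical.

```javascript
// Added illustration of a signed double-submit CSRF check (not Ironclad's implementation).
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32); // signing key, generated here for the example

// HMAC that ties a nonce to one session, so a token cannot be reused elsewhere.
function sign(sessionId, nonce) {
  return crypto.createHmac("sha256", SECRET)
    .update(`${sessionId}.${nonce}`).digest("hex");
}

// Token = random nonce + HMAC(session, nonce). Sent as the _csrf cookie and
// echoed back by the page's own scripts in a request header.
function issueToken(sessionId) {
  const nonce = crypto.randomBytes(16).toString("hex");
  return `${nonce}.${sign(sessionId, nonce)}`;
}

// Parse a Cookie header into a name -> value map.
function parseCookies(header = "") {
  const out = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Constant-time string comparison; a length difference is rejected up front.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Returns "ok", or the reason the request was rejected. "cookie_missing" is
// the case a cookie-blocking browser or plugin produces, so the UI can show
// a targeted message instead of a generic failure.
function checkCsrf(req, sessionId) {
  const cookie = parseCookies(req.headers.cookie)._csrf;
  const header = req.headers["x-csrf-token"]; // assumed header name
  if (!cookie) return "cookie_missing";
  if (!header) return "header_missing";
  if (!safeEqual(cookie, header)) return "mismatch";
  const [nonce, mac] = cookie.split(".");
  return safeEqual(mac || "", sign(sessionId, nonce)) ? "ok" : "bad_signature";
}
```

Separating "cookie_missing" from "mismatch" is what lets the application tell a blocked cookie apart from a forged or stale request.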