Hi,
When re-submitting an edited form submission, the kobo backend returns an error on a missing CSRF token. I am wondering if we are using the functionality in the intended way.
Situation:
In our own backend we are fetching the edit url from the following endpoint: https://eu.kobotoolbox.org/api/v2/assets/<form id>/data/<submission id>/enketo/edit
Which returns the following: {"url":"https://ee-eu.kobotoolbox.org/edit/<id>?instance_id=<id>&return_url=false","version_uid":"<id>"}, to which we redirect our user.
Expected behaviour:
After the user edits the form submission and resubmits the form, the user is redirected back to the return url.
Observed behaviour:
After this user edits the form submission and resubmits the form, the frontend seems to do a POST to https://ee-eu.kobotoolbox.org/submission/<id>, which returns the following error JSON:
{"detail":"CSRF Failed: CSRF cookie not set."}
When checking the cookie it contains the following properties:
fundraiseup_cid=<id>; __enketo_meta_deviceid<id>; kobonaut__eu_kobotoolbox_org=<id>; fundraiseup_stat=; fundraiseup_func={object}; django_language=en
So there’s indeed no CSRF token present.
Questions:
- Can this edit submission functionality be used like this? i.e. retrieve the edit URL from our own backend using the kobo API and redirect the user to it
- If that indeed should be possible, is there something else which could lead to this behaviour?