Error when logging in as artist: Forbidden - CSRF token invalid

Hi, we’re getting this error logging in as an artist:

Forbidden - CSRF token invalid

We have a new upload ready to go, we thought initially it might be wordpress issues. We tried as well in incognito mode, still the same response, so unlikely it’s cookie/browser based.

Thoughts? Help? Words of Wisdom? Coffee coupons?


Thank you!


Also github ticket here Forbidden - CSRF token invalid · Issue #60 · resonatecoop/website · GitHub

@srorecords where are you seeing the CSRF token invalid error?

1 Like

Sure can, so we login here (please see attached images):

Here the deal, when I’m not an international man of mystery, I’m a java developer from wayyy back, I’ve tried multiple browsers, including incognito, etc… same response. could it be account based? Wordpress… ugh. I’m not seeing any UI errors in the console either… nada.

Sorry can’t be of more assistance. 99.99999% of the time this kind of thing is a cache/cookie issue.

I’m having the same issue, login> continue login>Forbidden CSRF token invalid


I’m also encountering this, can’t listen to music at all. It happened right after I changed some of my profile info, including my picture. Anyone know if this has a fix yet?

There’s a lot happening at the moment on the backend so this is probably why you’re having some trouble with your account. I can attest we ARE trying to tackled this issue at the moment, but I can’t tell you how long it will take, maybe @psi or @piper can chime in to sort out your particular problem more quickly !

Hey all!

Thanks for reporting this error. We’re finishing drafting a blog post to make an announcement around this and the general state of the API which will explain things a bit more. But yeah, like LLK said we’re working hard on trying to resolve this. Hopefully we’ll have something to show by the end of the month, and when the time comes we’ll be circling back here and also looking for quality assurance and bug testers, so if that’s something you’re interested in, please let me or any of the @maintainers know!

1 Like

hey @DRACA and @Sylvia We’ve just pushed a change (thanks to @auggod) that we’re hoping will resolve the issue, could check that you still have the problem whenever possible ?

Hi, sorry but I’m still having the same issue :face_with_diagonal_mouth:

1 Like

Thanks for your feedback, we’ll keep looking into it :slight_smile:

Make sure to delete cookies data or use private tab in all future attempts. I have pushed another fix in an attempt to fix this. I can’t reproduce the issue myself with brave browser.


Hi folks, thanks for looking into this. I went in with an incognito window, still getting the CSRF error; as you know csrf stands for cross-site request forgery, it seems for some reason, these accounts are not issued the correct token from one (or more) of your subdomains to finalize login credential handshake. Why does it happen with some accounts and not all? Could it be only accounts that made some customizations to their user account?


I cleared my cookies, still running into the same CSRF error

1 Like

Hey all, please check out this post to get more insight into how development is going and what we’re working on:

Please note specifically paragraph two onward

With @auggod’s departure, this leaves the remaining volunteer @maintainers with a dev stack they cannot successfully and completely build locally (making it nearly impossible to fix things when they break, or to implement new features), in particular the ID server written in Golang. A number of the current live assets exhibit technical debt, meaning they use libraries and packages that are no longer well-supported, making it an uphill battle to maintain and build upon. Also, the transition off of WordPress is not quite complete.

Additionally, the co-op is currently low on funds and can’t afford to hire a developer to contribute full time.

As a result, the current tech stack and setup should be seen as a success as an initial prototype, a proof of concept, which will tide us over until we can eventually create a Minimum Viable Product for Resonate. Expect our current infrastructure to be in flux for the time being while we build out new solutions that are easier to get running and contribute to as volunteer developers, and lack the technical debt that our current prototype exhibits.

I know it’s bummer news but we want to be up front that it’s possible we won’t be able to fix this any time soon. We’ll post here and in the above thread as we learn and know more, and develop new solutions.


oh, that’s unfortunate

I’m having this problem as well, haven’t been able to log in for a couple of weeks now


Yes, since most dev efforts are being redirect to a full rewrite of the codestack at the moment, sadly sorting out this issue would take a lot of energy for something that will probably very soon be out of date. We’ve tried a few fix in the past but none of those worked. Really sorry you’re having trouble to connect but hopefully the new backend infrastructure will remedy this. I don’t want to give you any heads up or timeline for this though, so please excuse us in the meantime…