Invalid CSRF token using flag.link_builder service (Flag module)

by Ronnie   Last Updated May 23, 2020 00:07 AM

I have a REST route that returns a list of user accounts. I have a flag setup called 'following' as you can follow and unfollow other members. In my REST route, I use:

$flag_link = \Drupal::service('flag.link_builder')->build('user', $member->id(), 'following');

which generates the link correctly as far as I can tell. In my javascript object I can see the link that was created. This is an example of the JS object of a user that I use on the front end:

    #access: true
    #action: "flag"
    #attached: {placeholders: {…}, library: Array(1)}
    #attributes: {title: "", href: "/flag/flag/following/3?destination&token=FS3qUJ8qDXd5aIqcn1lM459kYsfNuC5b_iePn_E1V5g", class: Array(1)}
    #cache: {contexts: Array(1), tags: Array(0), max-age: -1}
    #flag: {id: "following", label: "Following"}
    #flaggable: {}
    #theme: "flag"
    #title: {#markup: "Follow this person"}
  id: "3"
  name: "ronnie"
  url: "/user/3"

When I go to click the link it 403 forbiddens with the message message: "'csrf_token' URL query argument is invalid."

Any idea what I am doing wrong?

Tags : 8 flags csrf

Related Questions

How to override csrf token/cookie in drupal 7?

Updated September 16, 2018 17:07 PM

How to fix "Clickjacking"?

Updated February 22, 2017 14:07 PM

CSRF Protection form Anonymous Forms

Updated February 16, 2018 13:07 PM

Menu Callback and CSRF

Updated May 05, 2016 08:03 AM