I'm encountering an issue with form submissions in my SvelteKit application hosted behind an Application Load Balancer (ALB) in AWS with TLS termination. When submitting a form via HTTPS, the request fails with a "Cross-site POST form submissions are forbidden" 403 error.
However, form submissions work fine over HTTP or if I disable CSRF checks by setting csrf: { checkOrigin: false }
in the SvelteKit config.
I've tried setting the ORIGIN
environment variable to http://www.example.com
during build time, but the issue persists. How can I resolve this problem and allow form submissions over HTTPS without disabling CSRF checks?
Im using @sveltejs/adapter-node
for the adapter
Thank you!