CSRF token verification failed

Description of the issue:
How can this issue be reproduced?

  1. Go to a site with a login that requires me to 2-step authenticate
  2. The site gives me an error message that says “CSRF token verification failed”

Expected result:

  1. Go to a site with a login that requires me to 2-step authenticate
  2. The site gives me options to 2-step authenticate, or automatically logs me in if I authenticated within the last 30 days

Brave Version (check About Brave):
Version 1.17.73 Chromium: 87.0.4280.67 (Official Build) (64-bit)

Additional Information:
I connected with IT on the website that I use, but they have never seen this issue before, and are unwilling to help because they are unfamiliar with Brave. I already tried clearing my cookies and history and restarting the browser and the computer. The two-step authentication works on any other browser, and in fact I have 2 different Brave windows with different users, and it works on one but not the other.

Hi @whispsofclouds
Can you try the page again, but with “All cookies allowed” enabled?

I tried that but it still doesn’t work…


I encounter the same issue with sites such as pcpartpicker.com, lichess.org or roll.net.
For example, here is the error I get when I try to log in to pcpartpicker.com:

Forbidden (403)
CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a ‘Referer header’ to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable ‘Referer’ headers, please re-enable them, at least for this site, or for HTTPS connections, or for ‘same-origin’ requests.

If you are using the tag or including the ‘Referrer-Policy: no-referrer’ header, please remove them. The CSRF protection requires the ‘Referer’ header to do strict referer checking. If you’re concerned about privacy, use alternatives like <a rel=“noreferrer” …> for links to third-party sites.

More information is available with DEBUG=True.

I found a workaround to this problem. I never encounter this issue when I use private navigation.
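The 403 page quoted above describes strict Referer checking on HTTPS requests. The following simplified model of that check is an added example, not code from the thread or from the site's framework. It shows why a login POST with the header stripped is rejected whether or not its CSRF token is valid. The host `shop.example`, the function names and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def strict_referer_check(method, is_secure, host, headers, trusted_hosts=()):
    """Return (allowed, reason) for one request.

    Models the rule in the error text: an unsafe request over HTTPS must
    carry a Referer that is itself HTTPS and names a trusted host.
    Passing is necessary, not sufficient: a real framework still compares
    the CSRF token afterwards.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method, not checked"
    if not is_secure:
        return True, "plain HTTP, referer check not applied"
    referer = headers.get("Referer")
    if referer is None:
        # The case in the thread: the browser sent no Referer at all.
        return False, "no Referer header sent"
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return False, "malformed Referer"
    if parts.scheme != "https":
        return False, "insecure Referer on HTTPS request"
    allowed = {host.lower()} | {h.lower() for h in trusted_hosts}
    if parts.netloc.lower() not in allowed:
        return False, "Referer does not match a trusted host"
    return True, "Referer matches"

# Constructed sample requests: (label, headers sent with a login POST).
SAMPLES = [
    ("normal login form", {"Referer": "https://shop.example/accounts/login/"}),
    ("header stripped by browser settings", {}),
    ("form posted from another site", {"Referer": "https://other.example/x"}),
    ("downgraded referer", {"Referer": "http://shop.example/accounts/login/"}),
]

def run_samples():
    """Evaluate every sample as an HTTPS POST to shop.example."""
    return {label: strict_referer_check("POST", True, "shop.example", hdrs)
            for label, hdrs in SAMPLES}

if __name__ == "__main__":
    for label, (ok, reason) in run_samples().items():
        print(f"{'200' if ok else '403'}  {label}: {reason}")
```

When triaging a report like this one, inspect the failing POST in the browser's network panel to see whether a `Referer` request header was sent, and compare it with a window or profile where login succeeds.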

