What's CSRF? 

Cross-Site Request Forgery is an attack that forces the user to execute unwanted actions on a website during state-changing requests.

The “Invalid request due to CSRF token error.” message means that your browser couldn’t create a secure cookie, or couldn’t access that cookie to authorize your login. 

This can be caused by ad- or script-blocking plugins or extensions, but also by the browser itself if it's not allowed to set cookies. If you're running your browser with "--disable-web-security" option or have any safe-browsing or CORS extensions enabled in your browser, disabling them before trying to log in or signup should help.

If this doesn't help, though, here are ways to fix this on different browsers.

 

Safari

  1. Open Safari Preferences from the drop-down menu in the upper right corner or through Cmd + comma (⌘ + ,) shortcut. 
  2. Click the Privacy tab and make sure that "Cookies and website data" is set to either "Always allow" or "Allow from websites I visit".
  3. Click on the Manage Website Data button to see all locally stored website data. 
  4. Search for “Avocode” and remove all Avocode-related entries.
  5. Reload Safari and try to log in or sign up again

 

Chrome

  1. Open Chrome Settings.
  2. Scroll to the bottom and click on Advanced.
  3. In the Privacy and security section, click the Content Settings button.
  4. Click on Cookies.
  5. Next to Allow, click Add. Type [*.]avocode.com and click “Add”.
  6. Under All cookies and site data, search for Avocode, and delete all Avocode-related entries.
  7. Reload Chrome and try to log in or sign up again

 

Firefox

  1. Go to Firefox's Preferences > Privacy & Security menu.
  2. In the History section, select "Use custom settings for history" from the drop-down menu.
  3. Click on Exceptions and whitelist avocode.com
  4. Scroll down to Site Data and click on Settings next to it.
  5. Search for "avocode" and remove all shown entries.
  6. Reload Firefox and try to log in or sign up again

Note, if this alone won't help, please go to Cookies and Site Data, and set “Accept third-party cookies and site data” to either "From Visited" or "Always".

Did this answer your question?