If you're seeing a CSRF error message when logging into your Todoist account, don’t panic. You can find some simple solutions below:
Invalid or missing CSRF token
This error message means that your browser couldn’t create a secure cookie, or couldn’t access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.
To address this issue, follow these steps.
Chrome
- Open Chrome Settings.
- In the Privacy and security section, click Cookies and other site data.
- Scroll down to Sites that can always use cookies and click Add.
- Copy and paste
[*.]todoist.comand click Add. - Copy and paste
[*.]cloudfront.netand click Add.
- Copy and paste
- Click See all cookies and site data.
- Search for
todoist. - Delete all Todoist-related entries.
- Reload Chrome and log into Todoist.
Firefox
- Open Firefox Settings.
- On the left, select Privacy & Security.
- Under Cookies and Site Data click on Manage Exceptions.
- Copy and paste
https://todoist.comand click Allow. - Then copy and paste
https://cloudfront.netand click Allow.
- Copy and paste
- Click Save Changes.
- Click Manage Data.
- Search for
todoistand select Remove All Shown. - Click Save Changes.
- Click Remove to confirm.
- Reload Firefox and log into Todoist.
Safari
- Open Safari Preferences from the drop-down menu in the navigation bar or by typing Cmd + , (⌘,).
- Click the Privacy tab.
- Check that Cookies and website data is not set to Block all cookies.
- Click Manage Website Data to see all locally stored website data.
- Search for
todoistand remove all Todoist-related entries. - Reload Safari and log into Todoist.
CSRF tokens mismatch
This error message is caused by privacy extensions. If you are running any privacy extensions such as Ghostery or Privacy Badger, make sure to add todoist.com as a trusted website.
Get in touch
If you've followed the steps above and you're still running into a CSRF issue, get in touch with us.