If you're encountering a 403 error on Server Actions and API Routes, it is possible that your requests lack a CSRF Token.
By default, the Makerkit middleware at
src/middleware.ts will automatically try to validate a CSRF token for HTTP methods such as
DELETE: failing to send a valid CSRF token will result in these requests being forbidden.
To fix this error, check out these pages:
- Server Actions: Add a CSRF token to your Server Actions
- API Routes: Add a CSRF token to your API Routes
If the CSRF Token is being sent but it's null/undefined, it's likely a bug. In that case, please open a support ticket in our Discord channel.