4.0.0.RC1 Grails Incompatible - Server returned 403: CSRF token doesn't match.

[codeconsole]

The plugin does not work with Grails 4.0.0.RC1

Executing a script results in the following message:
Server returned 403: CSRF token doesn't match. Please refresh the page.

Setup:

sdk use grails 4.0.0.RC1
grails create-app demo
cd demo
# add runtime 'org.grails.plugins:grails-console:2.1.1' to build.gradle
grails run-app

visit: http://localhost:8080/console/index#new
and hit the play button/execute a script.

[sheehan]

I just tested and it seems to be working for me. Does it work for you after a page refresh?

[codeconsole]

Refresh has no impact. Interestingly, it will work in an incognito window.

Strange, I just tested 3.3.9 and it doesn't work either so I guess this isn't related to Grails 4.

I am using Chrome 74.0.3729.131 on Mac OS Mojave 10.14.4

This used to work fine. Not sure what is going on here. Any ideas?

[codeconsole]

Safari works fine.

[codeconsole]

Any ideas on what might be causing the issue in Chrome? I tried disabling all my extensions. Still doesn't work. Weird that it works in incognito mode.

[sheehan]

Strange. It works for me in Chrome (same Chrome and Mac version). Does it work if you set
grails.plugin.console.csrfProtection.enabled = false

[codeconsole]

yes, and like I said, the csrfProtection works fine in an incognito window. Anything I can reveal by inspecting the headers?

[sheehan]

The execute call should send a X-CSRFToken header that matches what's stored in the session.

https://github.com/sheehan/grails-console/blob/master/grails3/plugin/grails-app/controllers/org/grails/plugins/console/TokenInterceptor.groovy#L14