I have the following setup:
- multi-context MODX installation that powers different websites (different URLs)
- using one API-specific context which handles the form logic for all websites/contexts
- inside the API context I have a resource which generates the CSRF token using CSRFHelper (AJAX)
- inside the API context I have a resource that processes the form via FormIt (AJAX)

CSRF validation on FormIt always fails if the token-generating resource is in a different context than the form-submitting resource. This only seems to fail when the multi-context setup is using different URLs.