ERROR: The API returned with error 400: CSRF token not in form

ERROR: The API returned with error 400: CSRF token not in form.
I get this error when I have a lot of targets. Attached is my GitHub action run.

(Update mayhem.yml · prateekvishnu/beacon-fuzz@a40107a · GitHub)

Hey! Can you confirm that you are using a MAYHEM_TOKEN secret set for that project? You may get rate-limited if you have too many targets and use the tokenless flow.

I believe I am

I’m not positive, but I think this might be throttling behavior on the part of Mayhem i.e. to prevent token hijacking? I have seen this behavior with other runs where there are more than 10 runs per workflow. If you reduce your targets to 5 or so (comment out the Mayhem actions in the workflow after the 5th one), does the workflow succeed?

I forked your repository and was able to resolve by setting a MAYHEM_TOKEN - see: Actions · ethan42/beacon-fuzz · GitHub (run 5 is without setting a MAYHEM_TOKEN under the project settings, while run 7 is after I set that token).

The tl;dr of this is: if you’re making extensive use of targets, you should set a MAYHEM_TOKEN. This happens under the Settings->Secrets->Actions tab of your project (see below). Let us know if that didn’t work for you!

@abrewer Your solution works but @ethan42’s solution is more complete so I completed the submissions with that. Thank you both.

1 Like

I am facing the same issue and I tried to replicate this solution on my repo but its still not working. I’ll be glad if you could help me out on this one.

Hey! Have you confirmed that you have populated your project’s action->secrets page with a MAYHEM_TOKEN entry, i.e., do you see the screenshot that was posted above in that page? Are you sure the token was copied correctly as to that secret variable?

I wrote the value of MAYHEM_TOKEN as the value of my GITHUB_TOKEN. What is the value I have to put as the MAYHEM_TOKEN ?

That won’t quite work, you should be using a MAYHEM_TOKEN - see the documentation for how to generate these. Or simply navigate to Mayhem and create some! Let me know if that didn’t work for you!

Thanks for the solution. I was able to resolve the issue and complete the integration.