Even when CSRF protection is disabled, the authentication middleware automatically logs out users and redirects them to the sign-in page.
Currently, the only way to test is to go directly to the website.
We emphasize that everything is still in development, so please use the option provided to create a demo test account and do not use real passwords. Instead, write and use automatically generated passwords for the demo account.
I'm pretty sure this game is just a phishing scam. I would recommend changing any password to accounts linked to that email or username that use the same password as the one you used for signup
As you may have noticed, the application is in the development phase. That's why we have disabled login with real email accounts and provided the option to signup with a test account that is not linked to an email and uses dummy data.
Unfortunately, we did not anticipate that there would be a challenge accessing the application through embedded content.
Thanks for feedback we will try to make it playable from embeded here on Itch.io
Thank you for bringing attention to this unexpected bug. Upon further investigation, we discovered that it is an embedded CSRF protection that prevents access from third-party websites. The challenge arose because embedded content from the web application was included in plain HTML uploaded to Itch.io.
← Return to project
Comments
Log in with itch.io to leave a comment.
Current Challenge During Login
Even when CSRF protection is disabled, the authentication middleware automatically logs out users and redirects them to the sign-in page.
Currently, the only way to test is to go directly to the website.
We emphasize that everything is still in development, so please use the option provided to create a demo test account and do not use real passwords. Instead, write and use automatically generated passwords for the demo account.
The game was not playable because it just showed a black screen in the game frame after signing up.
I'm pretty sure this game is just a phishing scam. I would recommend changing any password to accounts linked to that email or username that use the same password as the one you used for signup
As you may have noticed, the application is in the development phase. That's why we have disabled login with real email accounts and provided the option to signup with a test account that is not linked to an email and uses dummy data.
Unfortunately, we did not anticipate that there would be a challenge accessing the application through embedded content.
Thanks for feedback we will try to make it playable from embeded here on Itch.io
Thank you for bringing attention to this unexpected bug. Upon further investigation, we discovered that it is an embedded CSRF protection that prevents access from third-party websites. The challenge arose because embedded content from the web application was included in plain HTML uploaded to Itch.io.