[11:33:29] <Sohom_Datta>	 Is there any case where I can get a null CSRF token ?
[11:33:39] <Sohom_Datta>	 Or the CSRF token is a empty string
[11:33:55] <Sohom_Datta>	 Context: https://phabricator.wikimedia.org/T345890
[11:35:50] <taavi>	 Sohom_Datta: i don't think it's ever fully empty. but logged-out users get a single plus sign or something similar to that
[11:37:30] <Lucas_WMDE>	 +\ iirc (to confirm that whatever library they’re using escapes everything correctly)
[11:37:48] <Lucas_WMDE>	 I also don’t think an empty string should ever happen
[11:40:27] <Sohom_Datta>	 So https://gitlab.wikimedia.org/cloudvps-repos/videocuttool/VideoCutTool/-/blob/master/server/controllers/router-controller.js#L12 is the source code of what we are doing to upload videos
[11:41:29] <Sohom_Datta>	 It directly takes the token and plugs it into the upload API, I don't think we are losing the token somehow ?
[11:42:07] <Sohom_Datta>	 Also, I can't for the life of me reproduce this, but multiple other peeps can (We've go like 5 reports of this :()
[11:43:11] <Sohom_Datta>	 I wonder if the API returns +/ and that shows up as token not present ?
[11:43:19] <Sohom_Datta>	 *+\
[12:55:58] <Lucas_WMDE>	 I don’t see anything obviously wrong with that code, or at least nothing that I’d expect to cause this particular error message
[12:56:13] <Lucas_WMDE>	 though it is suspicious that the actual upload request is missing the Content-Type header compared to the token request
[12:57:49] <Lucas_WMDE>	 I’d try to add some more logging and see if that clears up things
[13:40:16] <Sohom_Datta>	 Yeah will do that, I'll add some logging so I can get a better understanding of what's going on