Return 400 response on failed origin checks

[brophdawg11]

No description provided.

[changeset-bot]

🦋 Changeset detected

Latest commit: 5895b22

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages

Name	Type
react-router	Patch
@react-router/architect	Patch
@react-router/cloudflare	Patch
@react-router/dev	Patch
react-router-dom	Patch
@react-router/express	Patch
@react-router/node	Patch
@react-router/serve	Patch
@react-router/fs-routes	Patch
@react-router/remix-routes-option-adapter	Patch
create-react-router	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

🤖 Hello there,

We just published version 7.13.0-pre.0 which includes this pull request. If you'd like to take it for a test run please try it out and let us know what you think!

Thanks!

[github-actions]

🤖 Hello there,

We just published version 7.13.0 which includes this pull request. If you'd like to take it for a test run please try it out and let us know what you think!

Thanks!

[jestersoftware]

This change seems to coincide with my seeing "400 (Bad Request)" errors upon form submit -> POST to a route / action. I haven't seen this error before; the functionality has been working previously; I cannot replicate locally; it only happens in my production domain. I tried to google what react-router is doing with regards to "failed origin checks" but came up empty so far. Any pointers appreciated, thank you.

• Jesse

[brophdawg11]

This was a change of the status code for the error from the CSRF added check in 7.12.0. Sounds like you might be submitting to a UI route from an external origin? If so, you would need to add that to allowedActionOrigins

[jestersoftware]

Ok I see now the history #14708. Just WOW. Extremely unacceptable. I will never use r-r again for another project. And no, I'm not - I'm just using a reverse proxy server like millions of others.