If you're seeing a CSRF error message when logging into your Todoist account, don’t panic. You can find some simple solutions below:
<h2>Invalid or missing CSRF token</h2>
This error message means that your browser couldn’t create a secure cookie, or couldn’t access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins, but also by the browser itself if it's not allowed to set cookies.
To address this issue, follow these steps.
<h2>Chrome</h2>
<ol>
<li>Open Chrome Settings.</li>
<li>In the Privacy and security section, click Cookies and other site data.</li>
<li>Scroll down to Sites that can always use cookies and click Add.
<ul>
<li>Copy and paste "[*.]todoist.com" and click Add.</li>
<li>Then copy and paste "[*.]cloudfront.net" and click Add.</li>
</ul>
</li>
<li>Click See all cookies and site data, search for todoist, and delete all Todoist-related entries.</li>
<li>Reload Chrome and log into Todoist.</li>
</ol>
<h2>Firefox</h2>
<ol>
<li>Open Firefox Settings.</li>
<li>On the left, select Privacy &amp; Security.</li>
<li>Under Cookies and Site Data click on Manage Exceptions.
<ol>
<li>Copy and paste "https://todoist.com" and click Allow.</li>
<li>Then copy and paste "https://cloudfront.net" and click Allow.</li>
</ol>
</li>
<li>Click Save Changes.</li>
<li>Next, click on Manage Data.</li>
<li>Search for todoist and select Remove All Shown.</li>
<li>Click Save Changes and confirm in the pop-up window by clicking Remove.</li>
<li>Reload Firefox and log into Todoist.</li>
</ol>
<h2>Safari</h2>
<ol>
<li>Open Safari Preferences from the drop-down menu in the navigation bar or by typing Cmd + , (⌘,).</li>
<li>
Click the Privacy tab and make sure that "Cookies and website data" is not set to "Block all cookies".</li>
<li>Click on Manage Website Data to see all locally stored website data.</li>
<li>Search for “Todoist” and remove all Todoist-related entries.</li>
<li>Reload Safari and log into Todoist.</li>
</ol>
<h1>CSRF tokens mismatch</h1>
This error message is caused by privacy extensions. If you are running any privacy extensions such as Ghostery or Privacy Badger, make sure to add todoist.com as a trusted website.

CSRF token error messages

Platforms