shaneomac wrote a reply+100 XP

5mos ago

Laravel Sanctum SPA Auth: 419 Token mismatch error in logout

You should not need this: "axiosClient.get('/sanctum/csrf-cookie').then(response => {". What does your app.blade.php look like?

You don't have the CSRF loaded in the head, do you?

shaneomac wrote a reply+100 XP

6mos ago

CSRF - Why is it so painful? Laravel 12 w React/Inertia

@janum Thanks for all that insight!

@jussimannisto It has all become super clear the last few days for me where I have gone wrong. I just wish I knew all this info months ago, but never again will I struggle.

Appreciate your responses!

shaneomac liked a comment+100 XP

6mos ago

CSRF - Why is it so painful? Laravel 12 w React/Inertia

Speaking of LLMs being wrong:

  1. For Inertia, always make the first request visit /sanctum/csrf-cookie. A lot of devs forget this step. Once the cookie is set, the CSRF header is handled automatically. No need to manually fetch the token at all.

This is pointless with Inertia. The initial Inertia page response already includes the cookie. You'd only need this step if you had a pure SPA with Laravel as a backend API.
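
To illustrate the point made in the comment above (an added example, not code from the thread or from Laravel, Inertia or axios): a sketch of the cookie-to-header step, showing why a page that already carries the XSRF-TOKEN cookie needs no call to /sanctum/csrf-cookie. The function names, the `primeFirst` flag and the cookie strings are constructed for illustration; `XSRF-TOKEN` and `X-XSRF-TOKEN` are the default names Laravel and axios use.

```javascript
// Added illustration: models how a client turns Laravel's XSRF-TOKEN cookie
// into the X-XSRF-TOKEN request header. All cookie strings are constructed samples.

const XSRF_COOKIE = 'XSRF-TOKEN';   // cookie Laravel sets on web responses
const XSRF_HEADER = 'X-XSRF-TOKEN'; // header Laravel's CSRF middleware accepts

// Parse a document.cookie-style string; return the decoded token or null.
function readXsrfToken(cookieString) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== XSRF_COOKIE) continue;
    const raw = part.slice(eq + 1).trim();
    if (raw === '') return null;
    try {
      // The cookie value is URL-encoded (e.g. "=" padding arrives as %3D).
      return decodeURIComponent(raw);
    } catch {
      return null; // malformed encoding: treat the token as missing
    }
  }
  return null;
}

// Decide what a state-changing request (e.g. POST /logout) needs.
// primeFirst === true  -> no cookie yet (pure SPA talking to an API backend):
//                         GET /sanctum/csrf-cookie before the request.
// primeFirst === false -> cookie already present (e.g. set by the initial
//                         Inertia page response): just send the header.
function planRequest(cookieString) {
  const token = readXsrfToken(cookieString);
  if (token === null) {
    return { primeFirst: true, headers: {} };
  }
  return { primeFirst: false, headers: { [XSRF_HEADER]: token } };
}

// Constructed samples: a page served by Laravel vs. a cold SPA.
const afterInertiaPage = 'theme=dark; XSRF-TOKEN=eyJpdiI6InRlc3QifQ%3D%3D';
const coldSpa = 'theme=dark';
console.log(planRequest(afterInertiaPage));
console.log(planRequest(coldSpa));
```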