
stacker's avatar

How to send back the XSRF-TOKEN?

I just want to say that Laravel needs to update their docs! I found out why my frontend never succeeded in saving the XSRF-TOKEN: it's because I didn't change SESSION_DRIVER to cookie in the .env file. The default is SESSION_DRIVER=file, and nowhere in the doc is it mentioned. Not even in Sanctum docs.

Now that I see my XSRF token saved in the browser (some long encrypted string), how can I send it back with the POST requests with Axios from the frontend?

The frontend is on localhost:3000 and the Laravel API on localhost:8080 and that's why Axios might not be sending this token back.

So how can I send it manually?

0 likes
3 replies
stacker's avatar

I saw it, but my XSRF-TOKEN is not called csrf-token, it has some encrypted name. The specific doc you sent is about CSRF from within Laravel, not a separate SPA, I think.

frankielee's avatar

and the Laravel API on localhost:8080

So you are calling the API routes?

In your config/cors.php, change supports_credentials to true. Example:


<?php

return [
    'paths' => ['api/*', 'sanctum/csrf-cookie', 'test'],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true,

];
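
Added example (not part of the thread, and not Laravel's or Axios's own code): one way to send the token back manually from the SPA on localhost:3000, by reading the XSRF-TOKEN cookie, URL-decoding it and setting it as the X-XSRF-TOKEN header on a credentialed request. The helper names, the sample cookie string, the /api/posts route in the comment and the `client` parameter (assumed to be an Axios instance) are assumptions.

```javascript
const API_BASE = 'http://localhost:8080'; // Laravel API origin named in the thread

// Pull the XSRF-TOKEN value out of a document.cookie-style string.
function readXsrfToken(cookieString) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === 'XSRF-TOKEN') {
      // The cookie value is URL-encoded (base64 padding arrives as %3D);
      // the header must carry the decoded value or validation fails.
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build an Axios request config for a state-changing call.
function buildConfig(path, data, cookieString) {
  const token = readXsrfToken(cookieString);
  if (token === null) {
    throw new Error('XSRF-TOKEN cookie missing: request /sanctum/csrf-cookie first');
  }
  return {
    baseURL: API_BASE,
    url: path,
    method: 'post',
    data,
    withCredentials: true, // send the session and XSRF cookies cross-origin
    headers: { Accept: 'application/json', 'X-XSRF-TOKEN': token },
  };
}

// Browser usage: `client` is assumed to be an Axios instance.
// Example call (hypothetical route): postJson(axios, '/api/posts', { title: 'x' })
async function postJson(client, path, data, getCookies = () => document.cookie) {
  // Prime the cookies first; without withCredentials the browser discards them.
  await client.get(API_BASE + '/sanctum/csrf-cookie', { withCredentials: true });
  return client.request(buildConfig(path, data, getCookies()));
}

// Constructed sample cookie string (not a real token).
const SAMPLE_COOKIES = 'theme=dark; XSRF-TOKEN=eyJpdiI6ImFiYyJ9Cg%3D%3D; other=1';
```

For credentialed requests browsers do not accept a wildcard Access-Control-Allow-Origin, so allowed_origins in config/cors.php should list the SPA origin (here http://localhost:3000) explicitly rather than '*'.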

