could be, pretty old thread here: https://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain
Couldn't you just omit the SESSION_DOMAIN on localhost?
I am trying to use Sanctum.
The React frontend is separate and served from localhost, and the Laravel API is served from api.localhost (edited in the nginx config file).
Now I try to send a request to /sanctum/csrf-cookie and get the following error in the response headers for the XSRF-TOKEN Set-Cookie attempt:
This Set-Cookie was blocked because its Domain attribute is invalid with regards to the current host URL
The page I'm calling /sanctum/csrf-cookie from is http://localhost/register.
This is what the response header for the XSRF token looks like:
Set-Cookie: XSRF-TOKEN=long-encrypyed-value; expires=Thu, 09-Sep-2021 11:18:25 GMT; Max-Age=7200; path=/; domain=.localhost; samesite=lax
EDIT: Could the issue be because localhost is actually not a valid domain for this?
You can see the domain is .localhost because I set it as SESSION_DOMAIN=.localhost in the .env file.
But nothing works!
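An added example (not part of the thread, and not browser or Laravel source code) that models the Domain attribute checks from RFC 6265 section 5.3 for the hosts in the question. It assumes a single-label name such as localhost counts as a public suffix, following the Public Suffix List default rule; `api.example.test` is a hypothetical dev hostname.

```javascript
// Added example: simplified RFC 6265 section 5.3 Domain handling.
// Assumption: a single-label name ("localhost", "com") counts as a public
// suffix, mirroring the Public Suffix List default "*" rule. Real browsers
// consult the full list, which also has multi-label entries such as "co.uk".
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");
const isPublicSuffix = (d) => !d.includes(".");

// RFC 6265 section 5.1.3: identical, or a dot-separated suffix of a host name.
function domainMatches(host, domain) {
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// Returns { stored, hostOnly, domain, reason } for a Set-Cookie Domain value.
function evaluateCookieDomain(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // Section 5.2.3: drop one leading dot, lowercase; empty means "no attribute".
  let domain = (domainAttr || "").trim().toLowerCase().replace(/^\./, "");
  if (domain && isPublicSuffix(domain)) {
    if (domain !== host) {
      return { stored: false, reason: "Domain is a public suffix" };
    }
    domain = ""; // same as request host: falls back to a host-only cookie
  }
  if (domain) {
    if (!domainMatches(host, domain)) {
      return { stored: false, reason: "request host does not domain-match" };
    }
    return { stored: true, hostOnly: false, domain };
  }
  return { stored: true, hostOnly: true, domain: host };
}

// Constructed cases based on the hosts in the question.
const cases = [
  ["api.localhost", ".localhost"],       // the header from the question
  ["api.localhost", ""],                 // SESSION_DOMAIN omitted
  ["localhost", ".localhost"],           // Domain equals the request host
  ["api.example.test", ".example.test"], // hypothetical two-label dev domain
];
for (const [host, attr] of cases) {
  console.log(host, JSON.stringify(attr), evaluateCookieDomain(host, attr));
}
```

With the Domain attribute omitted the cookie is stored host-only for api.localhost, so it is not shared with pages served from localhost.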