Is it even possible to consume a Laravel API on AWS (Vapor) using Sanctum from a Vercel app in a different domain?
I've seen other threads that had a similar setup and I don't think there was a clear resolution. I'd like to know whether I'm wasting my time.
I've narrowed down the issue to the Set-Cookie XSRF-TOKEN header being passed with samesite=lax, even though it's set to none in the session configuration.
This is what's being sent back from the API server.
It is possible to consume a Laravel API on AWS (Vapor) using Sanctum from a Vercel app in a different domain. The issue with the Set-Cookie XSRF-TOKEN header being passed with samesite=lax can be resolved by setting the SESSION_DOMAIN environment variable in the Laravel application to the domain of the Vercel app.
In the Laravel application, set the SESSION_DOMAIN environment variable in the .env file or in the config/session.php file:
SESSION_DOMAIN=xxxx.vercel.app
This will ensure that the Set-Cookie XSRF-TOKEN header is passed with samesite=none and the Vercel app can consume the Laravel API.
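As an added example (not code from either post), the following Node.js function parses a Set-Cookie header like the XSRF-TOKEN one returned by the API and reports why a browser would refuse to use it cross-site: a SameSite value other than None (a missing SameSite attribute is treated as Lax by current browsers), SameSite=None without the Secure attribute, or a Domain attribute that does not domain-match the host that issued the cookie. The host names api.example.test and xxxx.vercel.app are constructed placeholders.

```javascript
// Added example: inspect a Set-Cookie header for cross-site usability.
// Host names below are constructed placeholders, not values from the posts.

// Split a Set-Cookie header into the cookie's name/value and its attributes
// (attribute names lower-cased; bare flags such as Secure become `true`).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [name, ...valueParts] = parts[0].split("=");
  const cookie = { name: name.trim(), value: valueParts.join("="), attrs: {} };
  for (const part of parts.slice(1)) {
    const eq = part.indexOf("=");
    const key = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const val = eq === -1 ? true : part.slice(eq + 1).trim();
    cookie.attrs[key] = val;
  }
  return cookie;
}

// RFC 6265 domain-match: the Domain attribute must equal the issuing host or
// be a parent domain of it; browsers discard cookies that fail this rule.
function domainMatches(issuingHost, cookieDomain) {
  const host = issuingHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === domain || host.endsWith("." + domain);
}

// Return a list of reasons the cookie cannot be sent on cross-site requests
// from a front end on another domain; an empty list means it is usable.
function crossSiteIssues(header, issuingHost) {
  const { attrs } = parseSetCookie(header);
  const issues = [];
  // No SameSite attribute defaults to Lax in current browsers.
  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "lax";
  if (sameSite !== "none") {
    issues.push(
      `SameSite=${sameSite}: the browser will not attach this cookie to cross-site requests`
    );
  }
  if (sameSite === "none" && !attrs.secure) {
    issues.push("SameSite=None without Secure: browsers reject the cookie");
  }
  if (typeof attrs.domain === "string" && !domainMatches(issuingHost, attrs.domain)) {
    issues.push(
      `Domain=${attrs.domain} does not domain-match ${issuingHost}: the cookie is discarded`
    );
  }
  return issues;
}

// Usage with a constructed header resembling the one described in the question:
const sample = "XSRF-TOKEN=abc123; expires=Wed, 01 Jan 2025 00:00:00 GMT; Max-Age=7200; path=/; samesite=lax";
console.log(crossSiteIssues(sample, "api.example.test"));

module.exports = { parseSetCookie, domainMatches, crossSiteIssues };
```

Paste the exact Set-Cookie value copied from the API response into `crossSiteIssues` together with the API's host name; the returned list tells you which attribute still needs changing in the Laravel session configuration before the Vercel front end can use the cookie.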