
Laravel Sanctum error CSRF token mismatch

Posted 2 weeks ago by Alzaabi98

I am trying to play with Laravel Sanctum and configure it as an SPA, but I am not able to get it working unless I disable the CSRF protection in the Laravel app.

When I send the localhost/sanctum/csrf-cookie from Postman, I can see the 204 response and cookies are displayed.

I made a simple Vue app and installed axios, then I ran simple login code like this one:

<script>
import axios from "axios";
axios.defaults.withCredentials = true;
axios.defaults.baseURL = "http://127.0.0.1:8000";
export default {
  methods: {
    login() {
      axios.get("/sanctum/csrf-cookie").then(response => {
        console.log(response); //This is one success but it did set cookie in application cookie
        axios
          .post("/login", {
            email: "[email protected]",
            password: "123456"
          })
          .then(res => {
            console.log(res);
          }); // this one failed with 419 csrf token mismatch
      });
    }
  }
};
</script>

Also, here is my backend CORS:

return [

    'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout'],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true,

];

Here is the API in routes:

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

Here is sanctum.php in the config folder:

    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', 'localhost,127.0.0.1')),

Here is the sessions.config, domain part:

    'domain' => env('SESSION_DOMAIN', null),

I hope someone can help and let me know what is wrong in my config.
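
A configuration check for the setup in the post, as an added example that is not part of the original post: it approximates Sanctum's stateful-domain match and the browser's host-based cookie scoping, so the mismatch can be located without disabling CSRF protection. The helper names (`diagnose`, `wildcardMatch`, `domainMatch`) and the page origin `http://localhost:8080` are assumptions; the post does not say where the Vue app is served.

```javascript
// Added example, not from the original post. pageOrigin is an assumption.

// Laravel Str::is-style match: '*' is the only wildcard, anchored at both ends.
function wildcardMatch(pattern, value) {
  const re = pattern
    .split("*")
    .map((s) => s.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(`^${re}$`).test(value);
}

// RFC 6265 domain-match: exact host or a subdomain of the cookie domain.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  return host === d || host.endsWith(`.${d}`);
}

function diagnose({ pageOrigin, apiBase, statefulDomains, sessionDomain }) {
  const page = new URL(pageOrigin);
  const api = new URL(apiBase);
  const findings = [];

  // 1. Sanctum treats a request as stateful only if the Origin/Referer host,
  //    port included, matches an entry of the 'stateful' list.
  const listed = statefulDomains
    .split(",")
    .map((d) => d.trim())
    .filter(Boolean)
    .some((d) => wildcardMatch(`${d}/*`, `${page.host}/`));
  if (!listed) findings.push(`stateful: ${page.host} is not listed`);

  // 2. The page script must be able to read XSRF-TOKEN to echo it back as
  //    X-XSRF-TOKEN. Cookies are scoped by host (ports are ignored).
  const readable = sessionDomain
    ? domainMatch(page.hostname, sessionDomain) && domainMatch(api.hostname, sessionDomain)
    : page.hostname === api.hostname; // host-only cookie
  if (!readable) findings.push(`cookie: ${page.hostname} cannot read cookies set by ${api.hostname}`);

  return findings;
}

// Values from the post, plus a constructed page origin.
console.log(diagnose({
  pageOrigin: "http://localhost:8080", // assumption
  apiBase: "http://127.0.0.1:8000",
  statefulDomains: "localhost,127.0.0.1",
  sessionDomain: null,
}));
```

An empty result means both checks pass for the given values; each finding names the setting to compare against the address shown in the browser.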
