Posting image from SPA on production gives 403

HI Guys,

I have an Angular SPA and Laravel as a backend using Sanctum cookie based Auth.

I've deployed the app to AWS and when i upload an image via Angular i get a 403 response from Laravel. But it works locally so i am not sure if it's something related to Apache, permissions or Laravel.

Angular code which works locally.

    const headers = new HttpHeaders();
    headers.append('Content-Type', 'multipart/form-data');
    headers.append('Accept', 'application/json');
    return this.http.post<any>(WEB_END_POINT + 'upload', formData, { headers: headers })

Laravel web.php

Route::group(['middleware' => ['auth:sanctum']], function () {
    Route::post('user', [AuthController::class, 'me']); // WORKS IN PRODUCTION + LOCALLY
    Route::post('upload', [ProductController::class, 'upload']); // WORKS LOCALLY BUT NOT IN PRODUCTION

...

Controller is not being hit

     public function upload(Request $request)
     {
    return "test"; // this does not get returned
        $user = auth()->user();
        if ($request->hasFile('image')) {

I've tried playing with permissions in ubuntu, changing routes from post to put, changing the content type to 'enctype': 'multipart/form-data',

No error in apache error log..

No joy :(