InertiaJS / Vite in production - Error 419

@Sinnbeck Yes that's what I thought, a CSRF error ... but what can I check in the env file ? The session driver is set to file ... what else ?

@vincent15000 that could mean it cannot write to the session directory so it never sets a session. Maybe try another driver like cookie or ensure that the directory is writable

@Sinnbeck That's strange because I never got this type of problem before using InertiaJS.

I get the same problem with the session driver set to cookie.

And I found a post on Laracast (7 months ago) : a person had the same problem (419) with the session driver set to database, but he had received no answer.

@Sinnbeck I just explored the session folder and sessions are created.

Here is the content of one session file.

a:2:{s:6:"_token";s:40:"Ye6qhh67eA8Wf5Dgm3mI6Q3pawyzMfq6S3bAFmKg";s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}

Any idea ?

@vincent15000 check SESSION_DOMAIN in .env perhaps?

@vincent15000 any errors or warnings in the browser console?

@Sinnbeck The only message I have in the console is this one.

POST https://grapp.mydomain.fr/register 419

I have also tried to add withCredentials to axios, but it doesn't work better.

In the InertiaJS documentation, I have read that I should add the token manually in each request, but if using Laravel, the token is automatically added. I have checked in the headers of the request, and effectively I have the token injected in each request.

That's strange ... it works locally but not on the webhosting. And I have exactely the same configuration, so what could disturb server side ?

Or is it really something in the code ? A misconfiguration perhaps ?

@Lumethys I have have tried to set the session domain to the app domain, but it doesn't work better.

@vincent15000 Really strange. Can you make a simple test form using a plain blade view, and see if that works?

@Sinnbeck Already done and it works. I have found this post, I let you have a look.

https://laracasts.com/discuss/channels/inertia/419page-expired-in-production-csrf-problem-with-laravel-9-and-inertia

I will try to use this way to submit a form. If it works, the question : what is the difference between Inertia.post and form.post related to axios and the CSRF token.

@Sinnbeck It works when I use useForm() from InertiaJS and submit my form with form.post(), it works.

When I use Inertia.post(), it doesn't work.

Does anybody know what is the difference between both writings ?

I just noticed that I have this problem only the the registration of a new user. Otherwise for all post, put, delete methods, it's ok and I have no problem once I am connected on the app.

@vincent15000 using useForm() also worked for me for SESSION_DRIVER = database

@vincent15000 Could you maybe elaborate on using useForm() vs Inertia.post()? I'm trying to figure out whether this might apply in my case. I'm using Inertia with React and Laravel 11, so perhaps there's a difference. Here's my login.jsx file: https://pastebin.com/cnZnGpwz (It's really just the default login page after setting up a project using Laravel Breeze for Inertia with React)

As you can see I'm importing useForm from Inertia, and then using post, so I suppose it's Inertia.post in a way. But I'm not sure how I'd change it to form.post.

@Ali88 The problem is not related to the cache.

@vincent15000 in my case it worked this way but your case seems to be very complicated. Hope you will find the exact reason of this problem. I am leaving my comment here to keep following the post.

@Ali88 The error 419 can't be related to the cache, it's impossible.