Trouble with deploying a "default" Inertia-React project to Cloud Run

(Update: Please see my response below. I set this project up to try and isolate a 419 issue with another project. Initially I had some different problems with this barebones project, but have since found a way around them. So now I need help with the 419 issue that bunch of people seem to experience, but none of the solutions that have worked for others were successfull for me.)

By default I mean there are no changes made to the code or config files of the project itself.

I'm trying to smooth out some trouble I have with the deployment of another project, by first finding a clean and working deployment configuration with a plain project, i.e. only the Breeze login/auth features.

Here's the public repository on GitHub: https://github.com/larshappel/csrf-debug I included the .env for documentation purposes, as there's no sensitive content inside. As the Readme states, this is how the project was created:

composer create-project laravel/laravel csrf-debug
# -> Installing laravel/laravel (v11.2.0)
cd csrf-debug
composer require laravel-breeze --dev
php artisan breeze:install
# -> Select React from the install menu
npm run build # Create JS files

Afterwards, I put in some config files for setting up Docker and nginx:

Dockerfile
docker-compose.yml
startup.sh
nginx.conf

You can see the contents of all of these files in the repository. I'm not very experienced with setting these up, so maybe they contain some issues, and I would be happy if anyone could point anything out.

The app is deployed on GCP Cloud Run here: https://csrf-debug-162956230927.asia-northeast2.run.app/

When you visit, you might first get a 502 Bad Gateway, when the container takes a moment to start up. What I'm wondering about is, when visiting the site I sometimes get the "Minified React Error 321" (https://react.dev/errors/321?invariant=321) which suggests there's something wrong with a hook call, or mismatching or double versions of React...? I have no idea, but this doesn't happen when I run the image locally.

Sometimes upon revisiting the site, it apparently loads correctly, giving only a "TypeError: Re.current is null" in the console. Then, when clicking for example "Register" in the top right, a modal shows this:

All Inertia requests must receive a valid Inertia response, however a plain JSON response was received.

{"component":"Auth/Register","props":{"errors":{},"auth":{"user":null}},"url":"/register","version":"b9ecb29065f8ae28af4812f3e5ad49c5"}

Again, this isn't something that happened when running the container locally, and of course all the Inertia middleware should be in place. I can hardly believe the default setup after project initialization would contain any bugs, so I'm sure the issue has to be with my configuration of the container...?

I would be super happy if someone could help me out, as I've been trying for several days now to get a Laravel-Inertia-React app deployed in a production-like environment, but have been running into strange issues like this. (The main project has similar issues. It works locally, but after deploying the POST requests are missing XSRF tokens, so I'm getting 419 errors. However, that's a different can of worms. Here I'm trying to first isolate the issue by deploying a barebones project.)

I'm being verbose here, but I set up the public repo and documented the steps to make everything as transparent as possible, in hope someone can figure out what's going on.

larshappel

1 year ago

Level 1

Ok, an update here. As it turns out, the error I described above ("All inertia requests must...") happens on Firefox, but not when using Chrome. While it's still bothering me, the issue with Minified React Error 321 and Inertia Requests now happens only when deployed and opened with Firefox. Maybe it's one of Firefox's addons stripping something out, while it doesn't do the same thing while I open the page on localhost.

In any case, this reveals the real issue and the reason why I created this barebones project in the first place: When trying to register a user or log in, it redirects to the "419 Page Expired" modal. It appears as if the POST request doesn't have an X-XSRF token in its header.

My guess is, again, it has something to do with the configuration of nginx, or something that is or isn't in the Dockerfile or .env file. As mentioned, the actual application code is completely untouched, so I'm basically ruling that out as the source of the issue. Any help would be greatly appreciated.

To elaborate a little bit more: I'm using Laravel 11. When inspecting the request in in Chrome now (the one that gets the 419 response), there is an X-XSRF cookie among the headers. I tried setting the SESSION_DRIVER env variable to all kinds of things, from file (granting permissions in the Dockerfile) to redis to cookie, nothing worked.

Others have said it worked for them when they set SESSION_HTTP_ONLY to false, so I tried that, but it does nothing. Tried about every configuration option I can imagine. It's really only trial & error at this point, as I have no idea what could be causing this. Any input would be appreciated.

Please or to participate in this conversation.