
siraj762

csrf-token does not store in the browser cookies that send by laravel8 sanctum

I am using Sanctum for my Laravel API. This is the .env configuration:

APP_ENV=local
APP_KEY=base64:jgeg/Rdc0pAAmYlnvBCKiBk+kGc89KIfnP8Nv4tbpi4=
APP_DEBUG=true
APP_URL=http://localhost

LOG_CHANNEL=stack
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=bbb
DB_USERNAME=root
DB_PASSWORD=

BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
 
SANCTUM_STATEFUL_DOMAINS=localhost:5000

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379



AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

and this is the Sanctum config:

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Stateful Domains
    |--------------------------------------------------------------------------
    |
    | Requests from the following domains / hosts will receive stateful API
    | authentication cookies. Typically, these should include your local
    | and production domains which access your API via a frontend SPA.
    |
    */

    'stateful' => explode(',', env(
        'SANCTUM_STATEFUL_DOMAINS',
        'localhost,localhost:5000,127.0.0.1,127.0.0.1:8000,::1'
    )),

    /*
    |--------------------------------------------------------------------------
    | Expiration Minutes
    |--------------------------------------------------------------------------
    |
    | This value controls the number of minutes until an issued token will be
    | considered expired. If this value is null, personal access tokens do
    | not expire. This won't tweak the lifetime of first-party sessions.
    |
    */

    'expiration' => null,

    /*
    |--------------------------------------------------------------------------
    | Sanctum Middleware
    |--------------------------------------------------------------------------
    |
    | When authenticating your first-party SPA with Sanctum you may need to
    | customize some of the middleware Sanctum uses while processing the
    | request. You may change the middleware listed below as required.
    |
    */

    'middleware' => [
        'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
        'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
    ],

    'prefix' => 'api',

];

I am using custom authentication.

andyabihaidar

Can you try having SANCTUM_STATEFUL_DOMAINS=localhost instead of SANCTUM_STATEFUL_DOMAINS=localhost:5000

siraj762

hey bro, Laravel sends this when I hit axios.get('sanctum/csrf-token'), but the browser does not store the cookie in cookie storage:

XSRF-TOKEN=eyJpdiI6ImxSbi91cDY4OElsMjB1SU1jRU9Ia3c9PSIsInZhbHVlIjoidUlSall2RXVyNW5PN1dnRTdsd24wcnE4OE9TcGlSakVsSEN1SDQxOTZSL0NHT1d2eFNYOUNuTFVhczdzOEczOEV5eHpDS3Y2Q3FVb01ac3BEV01hZ1ZrbityaW9Gb3ZVQ2Jha2w2bi9pcitWcHoybTdPdjMyelNydnBvWlF1M3MiLCJtYWMiOiIzNGFjNTY3NzNlNGUyYzJjOWFjNzI4NGY5MmJjOWU1MTZhMjJkZDA3NmZkZTkyY2JkNmMxOTI3YTk1MjllM2YyIn0=; expires=Mon, 15-Mar-2021 11:33:12 GMT; Max-Age=7200; path=/; samesite=lax

andyabihaidar

You need to add this token to your Axios calls. You can do something like the below:

const config = {
    headers: { Authorization: `Bearer ${token}` }
};

const params = {
   key: "value"
};

axios.post( 
  'http://localhost/api/call',
  params,
  config
).then(console.log).catch(console.log);
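For the cookie-based SPA flow the thread is about, the value that VerifyCsrfToken checks is the XSRF-TOKEN cookie echoed back in an X-XSRF-TOKEN request header (axios does this automatically when the cookie is present and the request is sent with credentials). The following is an added example, not code from the thread or from Laravel/Sanctum: it parses a Set-Cookie header of the shape pasted above, reads the token out of a document.cookie-style string, and builds the request options a stateful API call needs. The cookie values (`SAMPLE_SET_COOKIE`, `SAMPLE_DOCUMENT_COOKIE`) are constructed for the example, and `document.cookie` is simulated by a string so it runs under Node.

```javascript
// Added example (not from the thread): turning Sanctum's XSRF-TOKEN cookie into
// the X-XSRF-TOKEN header the VerifyCsrfToken middleware expects.

// Constructed sample of the Set-Cookie header Laravel sends from /sanctum/csrf-cookie.
const SAMPLE_SET_COOKIE =
  'XSRF-TOKEN=abc%3D123; expires=Mon, 15-Mar-2021 11:33:12 GMT; Max-Age=7200; path=/; samesite=lax';

// Constructed stand-in for document.cookie after the browser has stored the cookies.
const SAMPLE_DOCUMENT_COOKIE = 'XSRF-TOKEN=abc%3D123; laravel_session=sess456';

// Split one Set-Cookie header into its name, value and lower-cased attribute map.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const cookie = {
    name: parts[0].slice(0, eq),
    value: parts[0].slice(eq + 1),
    attributes: {},
  };
  for (const attr of parts.slice(1)) {
    const idx = attr.indexOf('=');
    const key = (idx === -1 ? attr : attr.slice(0, idx)).toLowerCase();
    cookie.attributes[key] = idx === -1 ? true : attr.slice(idx + 1);
  }
  return cookie;
}

// The CSRF cookie must be readable from JavaScript (no HttpOnly flag), otherwise the
// SPA can never copy it into the header. laravel_session, by contrast, should be HttpOnly.
function isJsReadable(cookie) {
  return !('httponly' in cookie.attributes);
}

// Read one cookie by name out of a document.cookie-style string ("a=1; b=2").
// The value is URL-decoded, which is what axios does before sending X-XSRF-TOKEN.
function readCookie(cookieString, name) {
  for (const pair of cookieString.split(';')) {
    const trimmed = pair.trim();
    if (trimmed.startsWith(name + '=')) {
      return decodeURIComponent(trimmed.slice(name.length + 1));
    }
  }
  return null;
}

// Build the request options for a stateful Sanctum call. withCredentials is required
// so the browser attaches laravel_session and XSRF-TOKEN on a cross-origin request.
function buildSanctumRequest(cookieString, apiUrl) {
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  if (token === null) {
    throw new Error(
      'XSRF-TOKEN cookie missing: request /sanctum/csrf-cookie first and check that ' +
        'SANCTUM_STATEFUL_DOMAINS matches the frontend host:port'
    );
  }
  return {
    url: apiUrl,
    withCredentials: true,
    headers: { 'X-XSRF-TOKEN': token, Accept: 'application/json' },
  };
}

// Usage: inspect the cookie, then prepare a request (would be passed to axios in a browser).
const parsed = parseSetCookie(SAMPLE_SET_COOKIE);
console.log(parsed.name, parsed.attributes.samesite, isJsReadable(parsed));
console.log(buildSanctumRequest(SAMPLE_DOCUMENT_COOKIE, 'http://localhost/api/call'));
```

If `readCookie` returns null in a real browser, the cookie was never stored: the usual causes are a frontend origin (host and port) that is not listed in SANCTUM_STATEFUL_DOMAINS, or the csrf-cookie request being sent without `withCredentials`.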
MostafaGamal

Open Inspect > Application tab > Cookies, then click on 127.0.0.1:8000. Can you see cookies with the names XSRF-TOKEN and laravel_session?
