
CSRF token mismatch on Laravel-sites on example.org and staging.example.org

Posted 1 month ago by ahoi

Hello everybody,

I have a strange problem:

I have two websites:

  • example.org
  • staging.example.org

Both are the same Laravel app, but one is in production and the other one is for staging.

Now my problem:

If I visit example.org, I can send my contact form without problems. If I visit staging.example.org, I cannot send the contact form on example.org again. It always returns HTTP 419 CSRF token mismatch.

This is the .env for both:

example.org

APP_NAME=Example
APP_ENV=local
APP_KEY=base64:/......
APP_DEBUG=false
APP_URL=https://example.org

LOG_CHANNEL=stack

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=...
DB_USERNAME=...
DB_PASSWORD=...

BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=...
MAIL_PORT=587
MAIL_USERNAME=...
MAIL_PASSWORD=...
MAIL_FROM_ADDRESS=...
MAIL_ENCRYPTION=tls

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

SANCTUM_STATEFUL_DOMAINS=example.org,localhost,127.0.0.1
SESSION_DOMAIN=.example.org
SESSION_SECURE_COOKIE=false

staging.example.org

APP_NAME=Example
APP_ENV=staging
APP_KEY=base64:...
APP_DEBUG=true
APP_URL=https://staging.example.org

LOG_CHANNEL=stack

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=...
DB_USERNAME=...
DB_PASSWORD=...

BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=...
MAIL_PORT=587
MAIL_USERNAME=...
MAIL_PASSWORD=...
MAIL_FROM_ADDRESS=...
MAIL_ENCRYPTION=tls

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

SANCTUM_STATEFUL_DOMAINS=staging.example.org,localhost,127.0.0.1
SESSION_DOMAIN=.staging.example.org

Any idea how to solve this issue?
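
The following is an added example, not part of the original post: it applies the RFC 6265 domain-match rule to the two SESSION_DOMAIN values posted above to show which cookies a browser attaches to requests for each host. It assumes Laravel's default cookie names (neither .env sets SESSION_COOKIE) and uses a simplified slug function; the helper names are hypothetical.

```javascript
// Added example: cookie scoping for the two posted SESSION_DOMAIN values.

// RFC 6265 section 5.1.3 domain-match; a leading dot in Domain is ignored.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// Laravel's default session cookie name is the slug of APP_NAME plus
// "_session" (simplified slug, sufficient for ASCII names; assumption).
function defaultSessionCookieName(appName) {
  const slug = appName.toLowerCase().replace(/[^a-z0-9]+/g, '_').replace(/^_|_$/g, '');
  return slug + '_session';
}

// Values taken from the two .env files in the post.
const sites = [
  { host: 'example.org', appName: 'Example', sessionDomain: '.example.org' },
  { host: 'staging.example.org', appName: 'Example', sessionDomain: '.staging.example.org' },
];

// Cookies each site sets: the session cookie and Laravel's XSRF-TOKEN cookie.
function cookiesSetBy(site) {
  return [defaultSessionCookieName(site.appName), 'XSRF-TOKEN'].map((name) => ({
    name, domain: site.sessionDomain, setBy: site.host,
  }));
}

// Which stored cookies a browser attaches to a request for `host`.
function cookiesSentTo(host, jar) {
  return jar.filter((c) => domainMatches(host, c.domain));
}

// Cookie names that reach `host` from more than one site.
function collisionsAt(host, jar) {
  const seen = new Map();
  for (const c of cookiesSentTo(host, jar)) {
    if (!seen.has(c.name)) seen.set(c.name, new Set());
    seen.get(c.name).add(c.setBy);
  }
  return [...seen].filter(([, by]) => by.size > 1).map(([name]) => name).sort();
}

const jar = sites.flatMap(cookiesSetBy);
for (const s of sites) {
  const sent = cookiesSentTo(s.host, jar).map((c) => `${c.name} (Domain=${c.domain})`);
  console.log(s.host, 'receives:', sent);
  console.log('  same-name cookies from both sites:', collisionsAt(s.host, jar));
}
```

With the posted values, requests to staging.example.org carry the production cookies as well as staging's own, under identical names, while requests to example.org carry only the production cookies.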
