Level 10
You have an error in the token name X-CSRF-TOKEN should be X-XSRF-TOKEN.
Also looks like you're using Postman. I have not had to send the token via Postman as it appears to do it automatically for me.
Aug 21, 2022
7
Level 9
CSRF Token Mismatch with Breeze API
What I have done:
-
called API
/sanctum/csrf-cookie -
copied
X-CSRF-TOKENvalue from the response cookie https://ibb.co/N64RrDt -
Tried to send
X-CSRF-TOKENas header. https://ibb.co/HnDRmDK
But still receiving csrf token mismatch
#PS: I am not looking to bypass CSRF token requirement by adding the register URL on VerifyCsrfToken
Level 9
@RayC Still same issue. I have used X-XSRF-TOKEN
1 like
Level 10
@Inquisitive Have you tried not setting it in Postman and setting the Content-type to json?
My header setup in Postman:
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Level 9
@RayC I could call it with front end app, but not with postman.
1 like
Level 1
@Inquisitive Is your problem solved now? I am also facing the same problem. Let me know. Thanks
Level 9
@maseed not yet.
Level 1
I know this is an old thread, but some people still face this issue. I was also facing this issue and struggled to find a solution on the internet. I finally was able to solve this by first URL Decoding the "XSRF-TOKEN" before using it on headers. It's good to delete cookies before sending the request.
Please or to participate in this conversation.