Error 419 when sending request from subdomain to domain
Hey, I get an error 419 when sending a request from admin.example.com to example.com. I'm sending the CSRF token in the request so I guess it's just because of the subdomain.
You need to make sure that you're sessions are shared between subdomains. You can configure this in your app/session.php config file. By default this points to the SESSION_DOMAIN environment variable.
/*
|--------------------------------------------------------------------------
| Session Cookie Domain
|--------------------------------------------------------------------------
|
| Here you may change the domain of the cookie used to identify a session
| in your application. This will determine which domains the cookie is
| available to in your application. A sensible default has been set.
|
*/
'domain' => env('SESSION_DOMAIN', null),
So now you either change the value in your config or in your .env to something like this
Setting it to *.example.com did not work. I receive error 419 even when sending a request to example.com from example.com.
I already tried setting it to ".example.com" which allows me to send requests from example.com to example.com, but I cannot send POST requests to the subdomain or from the subdomain.
Just tested with GET requests and they also get the same error. I disabled CSRF and it looks like the page that I'm requesting data from can't even see my cookies. I returned "dd($_COOKIE)" in the response and the output was [], but when going to the page in my browser it returns all my cookies. How do I fix this?
