Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello,
Is there any way, using Laravel Sanctum, that I can work with an SPA on localhost:3000 but make requests to the remote API? Like I have api deployed on this domain https://api-staging.myapp.com and I want it to also work when the SPA is deployed to something like https://back-staging.myapp.com?
I'm having problems and I think its a cookie problem, the domain part exactly, but I don't want to disable or weaken the security on my staging/dev server.
Thanks a lot,
I finally decided to implement a double strategy. While in local development, I use personal tokens to authenticate and to do requests. Tokens are meant to be durable but thats not an issue in local environment. When the app is deployed to servers, use the normal cookie strategy, using CORS and credentials.
Reviving this post.... did you ever figure out a way to do this with cookies? It'd be great to not have to switch back and forth.
Hey @evanlalo I did not need to look for another way and I no longer work on that project. Sorry.
I'm also facing this situation
Please or to participate in this conversation.