Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mohamedhamidi's avatar

Nginx not forwarding laravel sanctum csrf cookie

Description :

I have a web app running in docker container as following :

  1. Frontend : React
  2. Backend : PHP 8.2 / Laravel 10
  3. Nginx v1.25 web server

I am using Laravel Sanctum for cookie session handling.

Problem :

When i hit the /sanctum/csrf-cookie endpoint it returns 200 empty response without setting cookie session or 'Set-Cookie' header whether from frontend or postman .

Expected result :

It should return 204 no content response and sets cookie session with 'Set-Cookie' header.

Codes :

Nginx config file :

upstream docker-backend {
    server backend;
}

server {
    listen 80;
    listen [::]:80;
    server_name localhost;
    root /var/www/html/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
 
    index index.php;
 
    charset utf-8;
 
    location / {
        proxy_pass http://docker-backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-CSRF-TOKEN $cookie_csrf_token;
        proxy_set_header Cookie $cookie_session;
        
        try_files $uri $uri/ /index.php?$query_string;        
    }
 
    error_page 404 /index.php;
 
    location ~ \.php$ {        

        add_header 'Access-Control-Allow-Origin' $http_origin;
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
        add_header 'Access-Control-Allow-Headers' '*';


        fastcgi_pass backend:9000;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
 
}

docker-compose.yml file

services:

  # BACKEND

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: backend
    ports:
      - 9000:9000
    volumes:
      - ./backend:/var/www/html
    depends_on:
      - mysql_db
    networks:
      app:
  			aliases:
                - backend
  # FRONTEND
  
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: frontend
    tty: true
    ports:
      - 5173:5173
    volumes:
      - ./frontend:/frontend
    depends_on:
      - backend
    links:
      - backend
    networks:
      - app
  
  # Nginx
  
  nginx:
    image: nginx:alpine
    container_name: nginx
    restart: unless-stopped
    tty: true

    ports:
      - "8000:80"
    volumes:
      - ./backend:/var/www/html
      - ./backend/nginx/:/etc/nginx/conf.d/
    networks:
      - app
networks:
  app:
    driver: bridge

The backend php Dockerfile :

FROM php:8.2-fpm-alpine3.19

RUN apk add libzip-dev

RUN docker-php-ext-install pdo pdo_mysql zip

RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

EXPOSE 9000
CMD ["php-fpm"]

I have tried all the possible Nginx configs i found and all of them return the same response (I have basic experience with Nginx)

0 likes
0 replies

Please or to participate in this conversation.