Hi guys, the XSRF-TOKEN cookie is encrypted in Laravel. How do I use it in a SPA? From the docs, I thought I could just pass it directly to the X-XSRF-TOKEN header, but it doesn't work. I need to decode it.
Should I decode it on server-side and then pass it to the front-end? What's the expected workflow here?
@vincent15000 I already use Sanctum, but I still don't understand how I am supposed to use that value from a cookie. The docs say:
During this request, Laravel will set an XSRF-TOKEN cookie containing the current CSRF token. This token should then be passed in an X-XSRF-TOKEN header on subsequent requests, which some HTTP client libraries like Axios and the Angular HttpClient will do automatically for you. If your JavaScript HTTP library does not set the value for you, you will need to manually set the X-XSRF-TOKEN header to match the value of the XSRF-TOKEN cookie that is set by this route.
I'm just using fetch() and I manually set the X-XSRF-TOKEN header, but I'm getting a mismatch if I use that encrypted value. But when I put csrf_token() in my markup and then use that value in the header, it works.
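
For the fetch() case discussed in this thread, an added example (not part of the original posts and not Laravel's own code): Laravel decrypts the X-XSRF-TOKEN header on the server, so the client sends the cookie value still encrypted, but URL-decoded first, because the cookie is percent-encoded and a trailing `=` arrives as `%3D`. The helper names `readCookie` and `xsrfFetchOptions` and the URL in the usage comment are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not from Laravel or Sanctum.

// Return the URL-decoded value of a cookie from a cookie string
// (document.cookie in a browser), or null when it is absent or malformed.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    try {
      // The encrypted payload is base64, so its "=" padding is stored as
      // "%3D". Sending it undecoded is what produces the token mismatch.
      return decodeURIComponent(part.slice(eq + 1).trim());
    } catch {
      return null; // malformed percent-encoding
    }
  }
  return null;
}

// Build fetch() options for a state-changing request. The token stays
// encrypted on the client; the server decrypts the X-XSRF-TOKEN header.
function xsrfFetchOptions(cookieString, method, body) {
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  if (token === null) {
    throw new Error('XSRF-TOKEN cookie missing; request /sanctum/csrf-cookie first');
  }
  return {
    method,
    // Needed so the session cookie is sent when the API is on another origin.
    credentials: 'include',
    headers: {
      'Accept': 'application/json',
      'Content-Type': 'application/json',
      'X-XSRF-TOKEN': token,
    },
    body: JSON.stringify(body),
  };
}

// Browser usage (the URL is a placeholder):
//   fetch('/api/example', xsrfFetchOptions(document.cookie, 'POST', { a: 1 }));
```

Use X-XSRF-TOKEN only for the cookie value; the plain value returned by csrf_token() belongs in the X-CSRF-TOKEN header instead, which is why the markup approach also works.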