Level 1
i got the same issue. tell me if you done fix it
1 like
Sep 4, 2021
7
Level 3
Axios not handling XSRF token - Vue Laravel Sanctum
I am integrating a Vue JS (Quasar framework) based SPA with API. The API is built in Laravel and is using sanctum for CSRF.
When I send a request to the sanctum endpoint https://api.someweburl.com/sanctum/csrf-cookie it sends the XSRF-TOKEN cookie in the response. But when I am sending the the POST request, the X-XSRF-TOKEN is not attaching itself with the header. And I am getting a 'token mismatch' error.
The front-end is on my localhost:8080 while the API is live on a url. I do not have direct access to the Laravel project but only the API.
Following is my axios configuration
import Vue from 'vue';
import axios from 'axios';
const apiBaseUrl = "https://api.someweburl.com";
const api = axios.create({ baseURL: apiBaseUrl });
api.defaults.withCredentials = true;
Vue.prototype.$axios = axios;
Vue.prototype.$api = api;
Vue.prototype.$apiBaseURL = apiBaseUrl;
export { axios, api, apiBaseUrl }
Following is the request format that I am trying to achieve i.e A POST request after getting the CSRF
export const fetchAllEvents = async function (context, payload) {
this._vm.$api.get('/sanctum/csrf-cookie').then(response => {
this._vm.$api.post('/api/website/event/all').then(response => {
context.commit('setAllEvents', response.data.data);
}).catch(error => {
console.log(error);
})
}).catch(error => {
console.log(error);
})
}
When I use Postman to make the POST request with X-XSRF-TOKEN added as header, i am getting the correct response. Which means the API is working correctly. But there's some issue with either with axios or the cookie origin settings. How do I figure this out.
Any help will be appreciated.
Level 63
@krismawan_riki Have you solved your issue ? With axios you have very few things to do, but the main configuration is in the sanctum, cors and session configuration files.
Level 63
I have the same issue, but I don't have any answer.
Level 2
I have the same issue, I'm looking for how to set cockie not samesite value. But cant figure out.
Level 1
It is because API routes do not have session enabled for the application, because it expects application to use Tokens, so in order to use sessions, you need to have "Web" middleware Token mismatch error would be because generated/provided token through get-token endpoint wouldn't be the correct one
Solution I see would be to add /cart route as an exception route for CSRFTokenMatch, to do that open App/Http/Middleware/VerifyCsrfToken.php file and add route in protected $except array. This is not an ideal thing to do but this will solve your problem for now and help you to move forward. Another option to make your application secure is to use Laravel Sanctum and generate a token for every guest user (Using Guest Model), if https://shagle.download you need help with that I can explain more, but its a little https://omegle.ws different scenario
Level 47
you are using a async function , but inside it , you did not use await. I would say you can simplify your axios request. Not sure you need to do those prototype define.
Level 2
Hello, to solve this issue create an axios.js file where your axios config should be. The contents of the file will look like this:
import Axios from "axios";
const axios = Axios.create({
baseURL: 'http://your-api-url',
headers: {
'X-Requested-With': 'XMLHttpRequest',
},
withCredentials: true,
})
export default axios
With this you can now import your axios.js wherever you need it and send requests and the x-xsrf-token will be sent with it
Please or to participate in this conversation.