Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
hello everyone , so my question is when using vue + axios and you have a post request how to protect against Cross-site request forgeries because i tried to send a get request to /sanctum/csrf-cookie then in my post request to /UserLogin in network tab when i inspect i don't found any cookies request is this mean that axios is not sending the XSRF-TOKEN in header request ? if so what should i do ?
Here is an example of how you have to use the sanctum/csrf-cookie route.
async login(user) {
await api.get('/sanctum/csrf-cookie')
await api.post('/login', { email: user.email, password: user.password })
let response = await api.get('/api/user')
return response.data
},
You don't have to retrieve any cookie, it's done under the hood.
@vincent15000 now when i make a get request to /sanctum/csrf-cookie i receive this error net::ERR_CONNECTION_REFUSED
problem fixed thanks @vincent15000
@omarb Thank you ... if you have fixed your problem, can you please close the post by assigning a best answer ?
Please or to participate in this conversation.