
Falantar's avatar

Sanctum: No CSRF cookie in response from /sanctum/csrf-cookie

I followed the setup process for Laravel Sanctum and when I run

axios.get('/sanctum/csrf-cookie')

I get a valid 204 response but no CSRF cookie in the response, only the session cookie.

cURL Request:

curl --location --request GET 'localhost:8000/sanctum/csrf-cookie' \
--header 'Access-Control-Allow-Credentials: true'

cURL Response:

Host: localhost:8000
Date: Thu, 09 Jul 2020 13:02:25 GMT
Date: Thu, 09 Jul 2020 13:02:25 GMT
Connection: close
X-Powered-By: PHP/7.4.7
Cache-Control: no-cache, private
Access-Control-Allow-Origin:
Vary: Origin
Access-Control-Allow-Credentials: true
Set-Cookie: app_session=eyJpdiI6ImoyR2lZVkdqWjJ4Zm9HSC9QYSt2cWc9PSIsInZhbHVlIjoidmJOYkFmeitVNTJ2RytwY0VXM1dvZG5EaFdXSGF4ZSthWVBPYW41R3RhWlhGV1l3dXRpck0rWnFTNWtOQXFMViIsIm1hYyI6ImU1OGU5NGQ0N2FhZDBiYTg1ZDc0MDc3MzIwNGUzYTE4NTE2YTUxOTA0ODY4NmFjNmU1MjkxYTdiNjA4YjE2YjIifQ%3D%3D; expires=Thu, 09-Jul-2020 15:02:25 GMT; Max-Age=7200; path=/; domain=localhost; httponly; samesite=lax
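Added example, not part of the original post or of Sanctum: a small check that reads raw response headers like the ones above and reports whether the CSRF cookie was set in a form axios can use. axios copies a cookie named XSRF-TOKEN into the X-XSRF-TOKEN request header, so that cookie must be present and must not be HttpOnly, while the session cookie should stay HttpOnly. The function names and the sample header text are hypothetical and constructed for this example.

```javascript
// Added diagnostic, not from the thread. parseSetCookie and
// checkCsrfCookieResponse are hypothetical helper names.
function parseSetCookie(line) {
  // "name=value; attr; attr=value" -> { name, value, attrs }
  const [pair, ...rest] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const value = eq === -1 ? '' : pair.slice(eq + 1);
  return { name, value, attrs };
}

function checkCsrfCookieResponse(rawHeaders, csrfName = 'XSRF-TOKEN') {
  const cookies = rawHeaders
    .split(/\r?\n/)
    .filter((l) => /^set-cookie:/i.test(l))
    .map((l) => parseSetCookie(l.replace(/^set-cookie:\s*/i, '')));
  const csrf = cookies.find((c) => c.name === csrfName);
  const findings = [];
  if (!csrf) {
    findings.push(`no ${csrfName} cookie in response`);
  } else if (csrf.attrs.httponly) {
    findings.push(`${csrfName} is HttpOnly, so script cannot copy it into X-XSRF-TOKEN`);
  }
  for (const c of cookies) {
    // Any other cookie (e.g. the session) should not be readable by script.
    if (c !== csrf && !c.attrs.httponly) findings.push(`${c.name} is readable by script`);
  }
  return { names: cookies.map((c) => c.name), findings };
}

// Constructed sample: same shape as the response in the question, value shortened.
const onlySession = [
  'Cache-Control: no-cache, private',
  'Set-Cookie: app_session=PLACEHOLDER; Max-Age=7200; path=/; domain=localhost; httponly; samesite=lax',
].join('\n');

// Constructed sample: a response that also carries the CSRF cookie.
const withCsrf = onlySession + '\nSet-Cookie: XSRF-TOKEN=PLACEHOLDER; Max-Age=7200; path=/; samesite=lax';

console.log(checkCsrfCookieResponse(onlySession));
console.log(checkCsrfCookieResponse(withCsrf));
```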
luckyfella73's avatar

Did you define the calling domain (including port! if any) in the sanctum config file? The comment in the config file states that only domains/IPs listed there get a "stateful API authentication cookie".

qotsa's avatar

Wish I could help, having the same issue... pretty weird that the controller for the route simply returns an empty response each time...

namespace Laravel\Sanctum\Http\Controllers;

use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;

class CsrfCookieController
{
    /**
     * Return an empty response simply to trigger the storage of the CSRF cookie in the browser.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function show(Request $request)
    {
        if ($request->expectsJson()) {
            return new JsonResponse(null, 204);
        }

        return new Response('', 204);
    }
}
