Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

mohamadAbdelhady's avatar

i keep getting csrf token mismatch when i set SANCTUM_STATEFUL_DOMAINS to "localhost:5173"

i keep getting csrf token mismatch when i set SANCTUM_STATEFUL_DOMAINS to "localhost:5173" when i remove the port the login work fine but the api/user keep returning unauthenticated the video i watch about debugging this error said the error happen because SANCTUM_STATEFUL_DOMAINS is not set to the same frontend domain so i changed but still returning unauthenticated and now the login is returning csrf token mismatch again i don't know what am i suppose to do right now

env

APP_URL=http://localhost:8000

APP_FRONTEND_URL=http://localhost:5173
SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
SESSION_DOMAIN=localhost
SESSION_SECURE_COOKIE=false
SANCTUM_STATEFUL_DOMAINS=localhost:5173

cors.php

'paths' => ['api/*', 'sanctum/csrf-cookie'],

    'allowed_methods' => ['*'],

    'allowed_origins' => [env('APP_FRONTEND_URL', 'http://localhost:3000')],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true,
0 likes
1 reply
Shivamyadav's avatar

And where is your code when you are hitting any post request that gives you error token mismatch are you sure you are including the credentials and csrf token with request

Please or to participate in this conversation.