Hello guys, just a quick question about APIs in Laravel (newbie here).
My Laravel API is sitting on myproject.test (as I am using Herd), but my SPA is on localhost:3000. The problem is that Sanctum requires my SPA and API to be on the same domain, so when I am requesting csrf-cookie, the XSRF-TOKEN is rejected. What are the ways I can fix this?
By proxying my SPA?
Delete my Laravel Herd so I can just use php artisan serve?
Yes, proxying your SPA to use the same domain as your Laravel API is the best approach.
For example, you can use a proxy in your frontend dev server to forward API requests to your Laravel backend.
Removing Herd and using php artisan serve won’t help directly, because the core issue is cross-domain CSRF protection. Even with php artisan serve, your frontend and backend would still be on different domains.
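The proxy suggested in the answer above, as an added example that is not part of the original thread: a small Node proxy that the browser reaches on localhost:3000, forwarding backend paths to myproject.test and everything else to the SPA dev server. The file name dev-proxy.js, the SPA dev server port 5173, and the /api/ and /sanctum/ prefixes are assumptions.

```javascript
// Added example: same-origin dev proxy using Node built-ins only.
const http = require('http');

const BACKEND = { host: 'myproject.test', port: 80 }; // Herd site from the post
const SPA_DEV = { host: '127.0.0.1', port: 5173 };    // assumption: SPA dev server moved here
const BACKEND_PREFIXES = ['/api/', '/sanctum/'];      // assumption: paths Laravel serves

// Decide which upstream serves a request path.
function pickUpstream(path) {
  return BACKEND_PREFIXES.some((p) => path.startsWith(p)) ? BACKEND : SPA_DEV;
}

// Drop any Domain attribute so the browser stores each cookie as host-only
// for the proxy's origin instead of rejecting it as foreign.
function rewriteSetCookie(values) {
  return (values || []).map((cookie) => cookie.split(';')
    .filter((part, i) => i === 0 || !/^\s*domain=/i.test(part))
    .join(';'));
}

function createProxy() {
  return http.createServer((req, res) => {
    const target = pickUpstream(req.url);
    const host = target.port === 80 ? target.host : `${target.host}:${target.port}`;
    const options = {
      host: target.host, port: target.port, method: req.method, path: req.url,
      headers: { ...req.headers, host }, // upstream sees its own hostname
    };
    const upstream = http.request(options, (up) => {
      const headers = { ...up.headers };
      if (headers['set-cookie']) headers['set-cookie'] = rewriteSetCookie(headers['set-cookie']);
      res.writeHead(up.statusCode, headers);
      up.pipe(res);
    });
    upstream.on('error', () => {
      if (!res.headersSent) res.writeHead(502);
      res.end('upstream unreachable');
    });
    req.pipe(upstream);
  });
}

// Start with `node dev-proxy.js serve`; loopback only, so the proxy is not exposed on the LAN.
if (process.argv[2] === 'serve') createProxy().listen(3000, '127.0.0.1');
```

WebSocket upgrades (used by hot reload) are not forwarded by this proxy.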