Good evening, thank you in advance for taking the time to read up on this problem. I am creating a laravel app where remote login for users is required.
The login in the application itself works. The remote login is not.
The laravel app is running on https://apptabai.local. The remote application, a simple index.php file with a form runs on https://remote.login.local.
Cors
<?php
namespace App\Providers;
use App\Models\Origin;
use Config;
use Illuminate\Support\ServiceProvider;
class AppServiceProvider extends ServiceProvider
{
/**
* Register any application services.
*/
public function register(): void
{
//
}
/**
* Bootstrap any application services.
*/
public function boot(): void
{
// FIXME: Is this to correct place for this kinda CORS logic ?
// FIXME: Our should we use $middleware->append(HandleCors) inside the app.php
// FIXME: And create a cors.php in config folder ?
// FIXME: It looks like using a closure inside the cors.php to get all CORS origins from the database does not work.
$allowedOrigins = Origin::pluck('origin')->values()->toArray();
$allowedOrigins = array_filter($allowedOrigins, function ($url) {
return filter_var($url, FILTER_VALIDATE_URL);
});
// Dynamically set allowed origins
Config::set('cors.allowed_origins', $allowedOrigins);
Config::set('cors.paths', ['*']);
Config::set('cors.supports_credentials', 'true');
}
}
Cors Output
macbookpro2017@MacBookPro:~/oldIcloud/localdev/laravel/apptabai-local$ php artisan config:show cors
cors .............
paths ⇁ 0 ........................... *
allowed_methods ⇁ 0 ......... *
allowed_origins ⇁ 0 .......... https://remote.login.local
allowed_origins ⇁ 1 ........ https://apptabai.local
allowed_origins_patterns ............ []
allowed_headers ⇁ 0 ............ *
exposed_headers .................................. []
max_age ......................... 0
supports_credentials .............................. true
Login form on the second domain
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Remote Login</title>
<link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet">
<style>
body {
background-color: #f8f9fa;
}
.login-container {
max-width: 400px;
margin: 80px auto;
padding: 30px;
background: #fff;
border-radius: 10px;
box-shadow: 0 4px 10px rgba(0, 0, 0, 0.1);
}
.user-info {
display: none; /* Hidden by default */
margin-top: 20px;
padding: 15px;
border-radius: 10px;
background: #e9f7ef;
text-align: center;
}
</style>
<script>
document.addEventListener("DOMContentLoaded", function () {
fetch('https://apptabai.local/auth/remote/csrf-token', {
credentials: "include"
})
.then(res => res.json())
.then(data => {
document.getElementById('csrf_token').value = data.token;
});
// Login form submit handler
document.getElementById('loginForm').addEventListener('submit', event => {
event.preventDefault();
fetch('https://apptabai.local/auth/remote/login', {
method: 'POST',
credentials: 'include',
headers: {
'Content-Type': 'application/json',
'X-CSRF-TOKEN': document.getElementById('csrf_token').value,
'Accept': 'application/json',
},
body: JSON.stringify({
email: document.getElementById('email').value,
password: document.getElementById('password').value,
_token: document.getElementById('csrf_token').value,
}),
})
.then(res => res.json().then(data => ({status: res.status, data})))
.then(data => {
// returns CSRF token mismatch.
console.log(data);
})
.catch((e) => {
console.log(e)
});
});
});
</script>
</head>
<body>
<div class="container">
<div class="login-container">
<h3 class="text-center">Remote Login</h3>
<div id="alert" class="alert d-none"></div> <!-- Alert for messages -->
<form id="loginForm" method="POST" accept-charset="http://apptaobai.local/auth/remote/login">
<input type="hidden" id="csrf_token" name="_token" value="">
<div class="mb-3">
<label for="email" class="form-label">Email address</label>
<input type="email" class="form-control" id="email" name="email" required>
</div>
<div class="mb-3">
<label for="password" class="form-label">Password</label>
<input type="password" class="form-control" id="password" name="password" required>
</div>
<button type="submit" class="btn btn-primary w-100">Login</button>
</form>
<!-- User Info Section -->
<div id="userInfo" class="user-info">
<h4>Welcome, <span id="userName"></span>!</h4>
<p><strong>Email:</strong> <span id="userEmail"></span></p>
<p><strong>Role:</strong> <span id="userRole"></span></p>
</div>
</div>
</div>
</body>
</html>
Request https://apptabai.local/auth/remote/csrf-token
GET /auth/remote/csrf-token HTTP/1.1
Pragma: no-cache
Accept: */*
Sec-Fetch-Site: cross-site
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Sec-Fetch-Mode: cors
Cache-Control: no-cache
Origin: https://remote.login.local
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15
Referer: https://remote.login.local/
Connection: keep-alive
Host: apptabai.local
Sec-Fetch-Dest: empty
Response https://apptabai.local/auth/remote/csrf-token
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: https://remote.login.local
Set-Cookie: XSRF-TOKEN=eyJpdiI6Ilp2a2xmV1g2NmVTU3FiOTFBMEc2V2c9PSIsInZhbHVlIjoiYWdNaHpIajhXYUNlYlB4a1VtemwvYklOdzVvRnJhL2pXZEl3NkVBOSt1MngzRHorQ1pQbE9Ha2xBeVE2RWxuQlJlOVhSVG9FT2hZbVFIU2NjYnpkNXlhMHJmSndMeThIN2dKN1djcVJBcldaQy9pUjUyVXZ1ODhBYVdJNFNGNmkiLCJtYWMiOiI5YmZhMzJlOGYwN2QzZDI3MjVlZTdmZDc3NzgxZWM3ZWNmZjQ2MmM1YjA2YjFiNTRlZDhlZTU0YzQ5YjE0NDhiIiwidGFnIjoiIn0%3D; expires=Mon, 10 Mar 2025 02:00:55 GMT; Max-Age=7200; path=/; secure; samesite=lax, laravel_session=eyJpdiI6InNMVmxqdjBURE1FYjlsdnF3OGxpVHc9PSIsInZhbHVlIjoiY1Z0UnZqTCs1dnpvL0k3T1dqWGhxUmNha2tGcmxUY1BRZ21pOGtPUmhHcW0wSURkalZhZHhFazZ5ZTBoTE5PcWZWVWN1R3NmZVJaRWZBT3E0dGtybmtmSUprWno4d01FYk8zaktYV1NHRzUxRU9RSE5oRDUzQkpYeTZ5WTBodVgiLCJtYWMiOiIxZWQ3MGVmOTg3MmZlNDI1Mjc4MjE4MGY3MjkzZWZlY2E1MjFhN2E3ZGQ2MTIzMDZhMTk2Mzg5M2YxOTFjZjc0IiwidGFnIjoiIn0%3D; expires=Mon, 10 Mar 2025 02:00:55 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax
Transfer-Encoding: Identity
Cache-Control: no-cache, private
Date: Mon, 10 Mar 2025 00:00:55 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin
X-Powered-By: PHP/8.2.27
Server: nginx/1.27.4
X-RateLimit-Remaining: 9
phpdebugbar-id: 01JNYNNHHCBS1B3S8WABQ42K8G
X-RateLimit-Limit: 10
And this is where is goes wrong
Request https://apptabai.local/auth/remote/login
POST /auth/remote/login HTTP/1.1
Content-Type: application/json
Pragma: no-cache
Accept: application/json
Sec-Fetch-Site: cross-site
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Origin: https://remote.login.local
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15
Referer: https://remote.login.local/
Content-Length: 100
Connection: keep-alive
Sec-Fetch-Dest: empty
Host: apptabai.local
X-CSRF-TOKEN: afoZpPE61R0dLtncLGBI4tycT002OgWKjEX8Qlu0
Request data
{"email":"[email protected]","password":"password","_token":"afoZpPE61R0dLtncLGBI4tycT002OgWKjEX8Qlu0"}
Response https://apptabai.local/auth/remote/login*
HTTP/1.1 419 unknown status
Content-Type: application/json
Access-Control-Allow-Origin: https://remote.login.local
Set-Cookie: laravel_session=eyJpdiI6InN0akI5aCs1b0tFUHdXQnhDSWcrd0E9PSIsInZhbHVlIjoiWUliYWVyTTlpWmhaWXE2RnE3S1JLZnZ2TmRPT2VFei9rN3dSK2s4d25SbGJPOXFtNnpsZFlUYStQS3dMK1lTb2tRUnJmSStKcUlOaEtoUUcxU1lMcXAxV3k2VlJxcmNlMGF3NnN6M0JtK2kraE9rRjg4NTJJUk9VUDJ4Q3pkSzEiLCJtYWMiOiJlMTdjMDFlYzM4N2M2YmNiMDI0NDU5NWI2MDdkNGMxMjNjYzNkYmM3ZmFkZThmMTNjNDViZjRiYzQyMTRiYTNlIiwidGFnIjoiIn0%3D; expires=Mon, 10 Mar 2025 02:04:03 GMT; Max-Age=7200; path=/; secure; httponly; samesite=lax
Transfer-Encoding: Identity
Cache-Control: no-cache, private
Date: Mon, 10 Mar 2025 00:04:03 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Vary: Origin
X-Powered-By: PHP/8.2.27
Server: nginx/1.27.4
phpdebugbar-id: 01JNYNV8ZFR38ENP8K2BRPKZFK
Error 419 content
{
"message": "CSRF token mismatch.",
"exception": "Symfony\\Component\\HttpKernel\\Exception\\HttpException",
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
"line": 641,
"trace": [
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
"line": 584,
"function": "prepareException",
"class": "Illuminate\\Foundation\\Exceptions\\Handler",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php",
"line": 51,
"function": "render",
"class": "Illuminate\\Foundation\\Exceptions\\Handler",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 214,
"function": "handleException",
"class": "Illuminate\\Routing\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php",
"line": 49,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\View\\Middleware\\ShareErrorsFromSession",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 121,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php",
"line": 64,
"function": "handleStatefulRequest",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Session\\Middleware\\StartSession",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php",
"line": 37,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php",
"line": 75,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Cookie\\Middleware\\EncryptCookies",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 127,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 807,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 786,
"function": "runRouteWithinStack",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 750,
"function": "runRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Routing/Router.php",
"line": 739,
"function": "dispatchToRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 201,
"function": "dispatch",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 170,
"function": "Illuminate\\Foundation\\Http\\{closure}",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php",
"line": 66,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Barryvdh\\Debugbar\\Middleware\\InjectDebugbar",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php",
"line": 31,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php",
"line": 51,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TrimStrings",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php",
"line": 27,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Http\\Middleware\\ValidatePostSize",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php",
"line": 110,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Http/Middleware/HandleCors.php",
"line": 62,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Http\\Middleware\\HandleCors",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php",
"line": 58,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Http\\Middleware\\TrustProxies",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/InvokeDeferredCallbacks.php",
"line": 22,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 209,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\InvokeDeferredCallbacks",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php",
"line": 127,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 176,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php",
"line": 145,
"function": "sendRequestThroughRouter",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/vendor/laravel/framework/src/Illuminate/Foundation/Application.php",
"line": 1220,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "/Users/macbookpro2017/oldIcloud/localdev/laravel/apptabai-local/public/index.php",
"line": 17,
"function": "handleRequest",
"class": "Illuminate\\Foundation\\Application",
"type": "->"
}
]
}
