Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

419 CSRF token mismatch. #10

Closed
marctaule opened this issue May 19, 2023 · 2 comments
Closed

419 CSRF token mismatch. #10

marctaule opened this issue May 19, 2023 · 2 comments

Comments

@marctaule
Copy link

Hi!
I have a problem and I don't know why it happens.
In local everything works fine, but in production I have mydomain.com (frontend) and api.mydomain.com (backend). When I try to login I get 419 ("message": "CSRF token mismatch.").
Do you know why?
Thanks and good job! :)
@amrnn90
Copy link
Owner

amrnn90 commented May 19, 2023
edited

Have you checked the configuration section on Sanctum docs?

You are likely missing this:

Finally, you should ensure your application's session cookie domain configuration supports any subdomain of your root domain. You may accomplish this by prefixing the domain with a leading . within your application's config/session.php configuration file:
'domain' => '.domain.com'

Make sure to include that dot prefix!

So in your case it should be:

'domain' => '.mydomain.com'

You can also do this through an environment variable:

SESSION_DOMAIN=.mydomain.com

Hope this helps.

@marctaule
Copy link
Author

Hi @amrnn90 ! nice! It works! I was getting crazy :)
Thanks you so much!!

@amrnn90 amrnn90 closed this as completed May 19, 2023
@amrnn90 amrnn90 mentioned this issue Jul 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@amrnn90 @marctaule