Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[5.6] Make Axios automatically send X-CSRF-TOKEN in the header #4128

Merged
merged 1 commit into from Jan 30, 2017
Merged

[5.6] Make Axios automatically send X-CSRF-TOKEN in the header #4128

merged 1 commit into from Jan 30, 2017

Conversation

michael2h4ng
Copy link
Contributor

@michael2h4ng michael2h4ng commented Jan 30, 2017
edited

Axios doesn't automatically send the X-CSRF-TOKEN that the passport token guard is looking for.

See laravel/passport#256 and laravel/docs#3045

@michael2h4ng michael2h4ng mentioned this pull request Jan 30, 2017
Merged
@ianrodrigues
Copy link

@monomichael #4127

@taylorotwell
Copy link
Member

taylorotwell commented Jan 30, 2017
edited

Axios does automatically send a header it just sends X-XSRF-TOKEN. We need to update passport to check for both headers I think?

@taylorotwell taylorotwell merged commit 7a44ebe into laravel:master Jan 30, 2017
@cheykeodina
Copy link

cheykeodina commented Feb 21, 2017
edited

I end up with this kind of error why?
TypeError: window.Laravel is undefined
'X-CSRF-TOKEN': window.Laravel.csrfToken,

@rickbolton
Copy link
Contributor

With axios you don't require to set this so I would remove this.

If you want to fix the window.Laravel is undefined then add it before your JS file within your Laravel blade template e.g.

<script>
        window.Laravel = <?php echo json_encode([
            'csrfToken' => csrf_token(),
        ]); ?>;
</script>

@cheykeodina
Copy link

@rickbolton I follow the document of Laravel https://laravel.com/docs/5.4/passport#consuming-your-api-with-javascript and watch video lesson in Laracast as well. However, it still show error:Unauthorized. Is there any problem with the document. I use Apache2, PHP version 5.6, MySQL5.5, is there any problem with this environment.

bkrukowski pushed a commit to bkrukowski/laravel that referenced this pull request Mar 10, 2017
Merge pull request laravel#4128 from monomichael/master
4edd69c 
Make Axios automatically send `X-CSRF-TOKEN` in the header
@Paltond
Copy link

Paltond commented Mar 25, 2017

I'm experiencing the same problems as @cheykeodina

@MarGul
Copy link

MarGul commented Mar 27, 2017

@cheykeodina Not sure if this is your issue but after you have authenticated you need to make a "dummy" GET request to get the laravel_token. This is if you have an SPA that makes a POST request to authenticate.

Better yet is to extend CreateFreshApiToken middleware and make it send back a fresh token on both POST and GET. See here: https://github.com/MarGul/Bidder/blob/master/app/Http/Middleware/CreateFreshApiToken.php

@itsUndefined itsUndefined mentioned this pull request Feb 20, 2018
Closed
@KangYoosam
Copy link

great pr

@GrahamCampbell GrahamCampbell changed the title Make Axios automatically send X-CSRF-TOKEN in the header [5.6] Make Axios automatically send X-CSRF-TOKEN in the header Jun 2, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
10 participants
@michael2h4ng @ianrodrigues @taylorotwell @cheykeodina @rickbolton @Paltond @MarGul @KangYoosam @RomainLanz @conterno