X-XSRF-TOKEN / CSRF Header not being set #12
Comments
Hey @nanayaw-kirk, we've already discussed similar issues in #4 and #6, but it was related mostly to CSR mode, so please check your Laravel configuration and make sure that:
Also, I would recommend cleaning cookies if you work with localhost to avoid overlapping values from different apps. If nothing helps, please provide more details like Laravel and Nuxt configurations as well as examples of API requests/responses with headers.
@manchenkoff I appreciate your response. Here's some context to my problem. However, when I inspect the request being sent using the login function on the useSanctumAuth() composable, this header is not present. The Laravel docs state that
So my question/issue is how do I ensure this header is set? Here's a screenshot of the request headers for the login request. At this point the cookie has already been set by the sanctum/csrf-cookie endpoint.
Basically, the client builds a different set of headers depending on the mode of the request (CSR / SSR); you can check this interceptor code. I didn't put any logger or console output, so if you want to debug it and check the actual values, you can clone the repo and use the Nuxt playground with your backend API. Just adjust the configuration a little bit and run the dev server.
Unfortunately, there is no way to extend Anyway, besides cookies you should see Could you also check that the API properly returns the cookie for the CSRF request right before the login request?
My issue is with the domains. My env was set to the deployed staging server and the Sanctum docs clearly state that for SPA authentication to work, the backend and frontend should sit on the same TLD. @manchenkoff thanks for taking a look at my issue even though it turned out to be a silly one :) I'm going to close this issue now.
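The root cause found in this thread, modelled as an added example (not code from nuxt-auth-sanctum or Laravel): the X-XSRF-TOKEN header can only be built when the XSRF-TOKEN cookie is visible to the frontend's host. The hostnames and token value are constructed, and the helper names are hypothetical.

```javascript
// Added illustration; not code from nuxt-auth-sanctum or Laravel.
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'X-XSRF-TOKEN';

// RFC 6265 section 5.1.3 domain-match: a cookie with Domain=<cookieDomain>
// is only visible to hosts equal to that domain or subdomains of it.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  return h === d || h.endsWith('.' + d);
}

// Parse a document.cookie-style string ("a=1; b=2") into a Map.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    jar.set(part.slice(0, idx).trim(), part.slice(idx + 1).trim());
  }
  return jar;
}

// Build the CSRF header from the cookies the page can actually read.
// Returns {} when the cookie is absent, which is the symptom reported here.
function csrfHeaders(cookieString) {
  const raw = parseCookies(cookieString).get(CSRF_COOKIE);
  if (!raw) return {};
  // The cookie value is URL-encoded; the header carries the decoded value.
  return { [CSRF_HEADER]: decodeURIComponent(raw) };
}

// Simplified model of what a page on frontendHost can read after the API
// sets cookies with a Domain attribute (host-only cookies are not modelled).
function visibleCookies(frontendHost, setCookies) {
  return setCookies
    .filter((c) => domainMatches(frontendHost, c.domain))
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Constructed sample: the token value and hostnames are made up.
const apiCookie = { name: CSRF_COOKIE, value: 'eyJpdiI6abc%3D', domain: '.staging.example.com' };
console.log(csrfHeaders(visibleCookies('localhost', [apiCookie])));
console.log(csrfHeaders(visibleCookies('app.staging.example.com', [apiCookie])));
```

With a local frontend pointed at a staging API, the first call yields no header at all, so the login request reaches Laravel without X-XSRF-TOKEN even though the csrf-cookie request succeeded.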
After the initial request to the sanctum/csrf-cookie endpoint and setting the cookie, there is no X-XSRF-TOKEN header present in the login request when the login function on the useSanctumAuth() composable is called.
I am currently using the exact configuration found in