brianzzzasd / pokemoneeer


CSRF Token Issue #1

Closed Zhythero closed 1 year ago

Zhythero commented 1 year ago


Hi Brian,

I'm currently having an issue with the registration form. Whenever clicking submit, a 419 CSRF Token Mismatch occurs.

Current .env values:

APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:vy5LzWBtw8Yg1dEdwvgTtPcuEVH22+dBOq09joS+ph0=
APP_DEBUG=true
APP_URL=http://brian_repuesto.applicant.test
#APP_URL=http://localhost:8000
SANCTUM_STATEFUL_DOMAINS=localhost:5174,localhost,brian_repuesto.applicant.test
SESSION_DOMAIN=localhost:5174

LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=mysql
DB_PORT=3306
DB_DATABASE=brian_repuesto
DB_USERNAME=root
DB_PASSWORD=root

BROADCAST_DRIVER=log
CACHE_DRIVER=file
FILESYSTEM_DISK=local
QUEUE_CONNECTION=sync
SESSION_DRIVER=cookie
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mailhog
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="hello@example.com"
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_HOST=
PUSHER_PORT=443
PUSHER_SCHEME=https
PUSHER_APP_CLUSTER=mt1

VITE_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
VITE_PUSHER_HOST="${PUSHER_HOST}"
VITE_PUSHER_PORT="${PUSHER_PORT}"
VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

The Laravel app is being served at http://brian_repuesto.applicant.test and the front-end at http://localhost:5174.

brianzzzasd commented 1 year ago

Hi @Zhythero, let me check. Thank you!

brianzzzasd commented 1 year ago

Hi @Zhythero, can you try updating SANCTUM_STATEFUL_DOMAINS to this?

SANCTUM_STATEFUL_DOMAINS=localhost:5174,localhost,brian_repuesto.applicant.test,applicant.test

Zhythero commented 1 year ago

Unfortunately the issue still persists.

brianzzzasd commented 1 year ago

I'm sorry @Zhythero, let me replicate the issue.

brianzzzasd commented 1 year ago

Btw, with Sanctum, for authentication to work on SPAs, the SPA should share the same top-level domain as the API.

But let me check what we can do here. Sorry for the trouble. @Zhythero

brianzzzasd commented 1 year ago

Hi @Zhythero, can you try this solution?

In /frontend, can you run vite --host=brian_repuesto.applicant.test instead of npm run dev?

Thank you!

brianzzzasd commented 1 year ago

Also, please update this in .env: SANCTUM_STATEFUL_DOMAINS=brian_repuesto.applicant.test

The README has been updated, so please pull the latest. Thank you for your patience!
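
Added example, not part of the thread or the repository: a small Node.js lint that checks the cookie-related values from the .env posted in this issue against the same-top-level-domain requirement mentioned above. The function names and finding codes are hypothetical, and the stateful-domain check is a simplified exact match, not Sanctum's own matching.

```javascript
// Added example, not the repository's code; names and finding codes are hypothetical.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Z0-9_]+)\s*=\s*(.*)$/); // "#..." comment lines do not match
    if (m) env[m[1]] = m[2].trim().replace(/^"(.*)"$/, "$1");
  }
  return env;
}
// Split an absolute URL into host and host[:port].
function hostOf(url) {
  const m = url.match(/^[a-z][a-z0-9+.-]*:\/\/([^\/:?#]+)(?::(\d+))?/i);
  if (!m) throw new Error("not an absolute URL: " + url);
  const host = m[1].toLowerCase();
  return { host, authority: m[2] ? host + ":" + m[2] : host };
}
// RFC 6265 domain-match: equal to the cookie domain, or a subdomain of it.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  return host === d || host.endsWith("." + d);
}

function checkSanctumEnv(envText, frontendUrl) {
  const env = parseEnv(envText);
  const api = hostOf(env.APP_URL || "");
  const spa = hostOf(frontendUrl);
  const findings = [];
  const sd = env.SESSION_DOMAIN === "null" ? "" : env.SESSION_DOMAIN || "";
  // Cookies are not scoped by port, so a port is never a valid Domain value.
  if (sd.includes(":")) findings.push("SESSION_DOMAIN_HAS_PORT");
  const sdHost = sd.split(":")[0];
  if (sdHost) {
    // A browser drops a Set-Cookie whose Domain does not cover the responding host.
    if (!domainMatches(api.host, sdHost)) findings.push("COOKIE_DOMAIN_EXCLUDES_API");
    if (!domainMatches(spa.host, sdHost)) findings.push("COOKIE_DOMAIN_EXCLUDES_SPA");
  } else if (spa.host !== api.host) {
    findings.push("COOKIE_DOMAIN_EXCLUDES_SPA"); // host-only cookie belongs to the API host
  }
  // Simplified: exact host[:port] entry, not Sanctum's own matching.
  const stateful = (env.SANCTUM_STATEFUL_DOMAINS || "").split(",").map((s) => s.trim().toLowerCase());
  if (!stateful.includes(spa.authority)) findings.push("SPA_NOT_IN_STATEFUL_DOMAINS");
  return findings;
}

// Cookie-related lines copied from the .env in this issue.
const ISSUE_ENV = `APP_URL=http://brian_repuesto.applicant.test
SANCTUM_STATEFUL_DOMAINS=localhost:5174,localhost,brian_repuesto.applicant.test
SESSION_DOMAIN=localhost:5174`;
console.log(checkSanctumEnv(ISSUE_ENV, "http://localhost:5174"));
```

For the values in this issue it reports that SESSION_DOMAIN carries a port and does not cover the host named in APP_URL.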