Hey I am running a latest version of laravel-enso where it add laravel santrum for the authentication.. when i try to run /api/core/home from chrome it redirect me to /api/login but it works with the axios in vue components ... can you please help me?

laravel-enso / enso

Laravel Vue SPA, Bulma themed. For demo login use `admin@laravel-enso.com` & `password` -

https://www.laravel-enso.com

MIT License

1.08k stars 277 forks source link

Hey I am running a latest version of laravel-enso where it add laravel santrum for the authentication.. when i try to run /api/core/home from chrome it redirect me to /api/login but it works with the axios in vue components ... can you please help me? #329

Closed Sweetlegs closed 4 years ago

Sweetlegs commented 4 years ago

This is a bug | feature request.

Prerequisites

[x] Are you running the latest version?
[x] Are you reporting to the correct repository? (enso is made of many specialized packages: https://github.com/laravel-enso)
[x] Did you check the documentation?
[x] Did you perform a cursory search?

Description

Steps to Reproduce

Expected behavior

Actual behavior

raftx24 commented 4 years ago

Hi @Sweetlegs did you add SANCTUM_STATEFUL_DOMAINS to your .env?

Sweetlegs commented 4 years ago

Yes I did

raftx24 commented 4 years ago

@Sweetlegs Aha I guess I understand the issue. You cannot directly open /api/core/home right? this is because sanctum will check the referer in the header request and only requests come from SANCTUM_STATEFUL_DOMAINS can authenticate with the session, If you want to use it as an API you should create a token and connect with the token.

Sweetlegs commented 4 years ago

I don't know how to do that ... can you help me how to create a token and connect with the token

raftx24 commented 4 years ago

Yes, sure, first you should go to administration/users, and then select a user, then you can create a token there,

Sweetlegs commented 4 years ago

Thank you so much I am able to generate the token how can i use that in api in chrome /api/core/home/?token=1|P9x44PHhzApy95IiV6lQoWZQdlWT8XZ1kA4DktBChQkyYkdFq5VbhiZoNjSACZfBjNJ3Ap6Oj6W67yiX it still redirect me to /api/login page

raftx24 commented 4 years ago

I assumed you want to use it as API, why do you need to open /api/core/home in chrome directly?

Sweetlegs commented 4 years ago

its easy to debugging .. in old version I am able to do /api/core/home in chrome url but this latest version did allow me to do that

raftx24 commented 4 years ago

Aha, anyway if you want to open in chrome you can change vendor/laravel-enso/core/src/Http/Middleware/EnsureFrontendRequestsAreStateful.php in this way

class EnsureFrontendRequestsAreStateful extends Middleware
{
    public static function fromFrontend($request)
    {
        return true;
    }
}

It can help you for debugging :) it is only a very raw idea I'm sure you can find a much better idea like using web authentication instead of sanctum

Sweetlegs commented 4 years ago

Perfect it work... Thank you so much