laravel / sanctum

Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.
https://laravel.com/docs/sanctum
MIT License

SPA authentication leads to '400: bad request error' #500

Closed nvdid closed 9 months ago

nvdid commented 9 months ago

Sanctum Version

3.3.3

Laravel Version

10.44.0

PHP Version

8.1.2

Database Driver & Version

No response

Description

I did as the docs say. Then I noticed I sometimes get 400 errors with the following message:

<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Size of a request header field exceeds server limit.</p>

This happens due to the large size of the cookies sent in the request, which is apparently caused by EnsureFrontendRequestsAreStateful. I think it sets new cookies over and over for sessionId and authentication. To solve it, maybe there should be a way to reuse the cookies or reset them in the middleware.

Steps To Reproduce

1. Add SPA authentication to the project
2. Run the server
3. On the client browser, send a request multiple times (browser refresh or manual fetch)
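Before attributing the 400 to the middleware, it is worth confirming two things from the request itself: that the Cookie header is really the field exceeding the limit (Apache's default LimitRequestFieldSize is 8190 bytes), and whether the header carries the same cookie name more than once. A browser only replaces a cookie when the name, Domain and Path of the new Set-Cookie all match the stored one; otherwise it keeps both and sends both, so repeated names point at differing cookie scopes rather than at cookies being re-issued. The following is an added diagnostic example, not code from Sanctum or from the issue author. The function names, the 8190-byte constant and the sample header (filler values under the Laravel default cookie names XSRF-TOKEN and laravel_session) are assumptions made here for illustration.

```php
<?php
// Added example, not part of laravel/sanctum: inspect a raw Cookie request
// header to see whether it would trip Apache's default 8190-byte
// LimitRequestFieldSize and whether it carries duplicate cookie names.

declare(strict_types=1);

// Apache default for LimitRequestFieldSize (bytes); assumption: the server
// in the report runs with the default.
const APACHE_DEFAULT_FIELD_LIMIT = 8190;

/**
 * Analyse one Cookie header value.
 *
 * Returns the header size in bytes, the number of name=value pairs, a map of
 * name => occurrence count, the names that occur more than once, and whether
 * the header exceeds $limit. Duplicate names in a single Cookie header mean the
 * browser holds several cookies with the same name but a different Domain or
 * Path, since a Set-Cookie with an identical name and scope would have
 * overwritten the stored cookie instead of adding another one.
 */
function analyzeCookieHeader(string $headerValue, int $limit = APACHE_DEFAULT_FIELD_LIMIT): array
{
    $counts = [];
    foreach (explode(';', $headerValue) as $pair) {
        $pair = trim($pair);
        if ($pair === '') {
            continue;
        }
        // A cookie value may itself contain '=', so split on the first one only.
        $name = trim(explode('=', $pair, 2)[0]);
        $counts[$name] = ($counts[$name] ?? 0) + 1;
    }

    $duplicates = array_keys(array_filter($counts, fn (int $n): bool => $n > 1));

    return [
        'bytes'      => strlen($headerValue),
        'pairs'      => array_sum($counts),
        'counts'     => $counts,
        'duplicates' => $duplicates,
        'over_limit' => strlen($headerValue) > $limit,
    ];
}

/**
 * Constructed sample header (hypothetical, not captured traffic). A Sanctum SPA
 * normally sends one XSRF-TOKEN and one session cookie; $copies > 1 imitates a
 * browser that holds several copies of each under different Domain/Path
 * scopes. Values are repeated filler characters, not real tokens.
 */
function buildSampleHeader(int $copies, int $valueLength): string
{
    $filler = str_repeat('x', $valueLength);
    $parts = [];
    for ($i = 0; $i < $copies; $i++) {
        $parts[] = 'XSRF-TOKEN=' . $filler;
        $parts[] = 'laravel_session=' . $filler;
    }
    return implode('; ', $parts);
}

// One copy of each cookie: 1029 bytes, well under the limit.
$healthy = analyzeCookieHeader(buildSampleHeader(1, 500));
// Six copies of each with 800-byte values: 9784 bytes, over the 8190 limit.
$bloated = analyzeCookieHeader(buildSampleHeader(6, 800));

foreach (['healthy' => $healthy, 'bloated' => $bloated] as $label => $result) {
    printf(
        "%s: %d bytes, %d pairs, duplicates=[%s], over_limit=%s\n",
        $label,
        $result['bytes'],
        $result['pairs'],
        implode(',', $result['duplicates']),
        $result['over_limit'] ? 'yes' : 'no'
    );
}
```

In a Laravel app the same function can be fed `$request->header('Cookie')` from a middleware or a log hook to capture the header that preceded a failing request. If it reports duplicate names, compare the Domain and Path attributes of the Set-Cookie responses (in Laravel these come from the session configuration, e.g. SESSION_DOMAIN and the session path) across the pages the SPA hits, because only an exact match lets a new cookie replace the old one. Raising LimitRequestFieldSize on Apache makes the 400 disappear but does not stop the cookie jar from growing.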

driesvints commented 9 months ago

Hey there,

Can you first please try one of the support channels below? If you can actually identify this as a bug, feel free to open up a new issue with a link to the original one and we'll gladly help you out.

Thanks!