Closed Fukao0129 closed 4 weeks ago
I've resolved this issue!
I added an option as below:
sanctum: {
csrf: {
header: "X-CSRF-TOKEN",
},
},
Then the header of login API changed from "x-xsrf-token" to "x-csrf-token". The login API seems to be working well.
Hey @Fukao0129, I'm glad you resolved the issue very quick. However, it looks like you have some misconfiguration on Laravel side since X-CSRF-TOKEN is deprecated, your API should work properly with X-XSRF-TOKEN which is encrypted, for more details see the official docs here and here. I assume you should check cookies config to make sure you are using secure ones and also double-check the middleware you use for different routes.
@manchenkoff Thank you for your reply! As you mentioned, I will check the settings and other details. If I encounter any problems, I will create an issue, and I would appreciate your help then.
Hello @manchenkoff, Thank you for this awesome module.
I'm in a trouble now.
When I try to login, the login API fails with 419 "CSRF token mismatch." error.
nuxt@3.9.0
nuxt-auth-sanctum@0.4.6
Laravel@9.52.16
laravel/sanctum@3.0
nuxt.config.ts
login.vue
cors.php
Kernel.php
.env (for Laravel)
The "http://localhost/sanctum/csrf-cookie" API seems to be working well. After this API is called, "XSRF-TOKEN" and "laravel_session" are set to the browser's Cookie. And they seem to be set to the headers of login API.
Request Headers of login API
What should I do to login?
I look forward to your reply.
If more informations are needed, please let me know.
(Since English is not my first language, I apologize in advance if there are any rude expressions.)