manchenkoff / nuxt-auth-sanctum

Nuxt module for Laravel Sanctum authentication
https://manchenkoff.gitbook.io/nuxt-auth-sanctum/
MIT License

The cookie "sanctum.token.cookie" was rejected because a non-HTTPS cookie cannot be set as "secure". #226

Open OrPh4ns opened 4 days ago

OrPh4ns commented 4 days ago

Expected behavior

Login without errors

Actual behavior

The cookie "sanctum.token.cookie" was rejected because a non-HTTPS cookie cannot be set as "secure".

### On Login and can't redirect to the homepage on logging in

In a browser with German language

Module information

```ts
// REPLACE WITH YOUR FILE CONTENT!
// https://nuxt.com/docs/api/configuration/nuxt-config
export default defineNuxtConfig({
  ssr: false,
  compatibilityDate: '2024-04-03',
  devtools: { enabled: true },
  modules: ['@pinia/nuxt','nuxt-auth-sanctum','nuxt-feather-icons'],
  sanctum: {
    proxy: true,
    baseUrl: 'http://localhost:8000/',
    mode: "token",
    redirectIfAuthenticated: false,
    redirectIfUnauthenticated: true,
    endpoints: {
      csrf: '/sanctum/csrf-cookie',
      login: '/api/auth/login',
      logout: '/api/auth/logout',
      user: '/api/profile',
    },

    // csrf: {
    //   cookie: 'XSRF-TOKEN',
    //   header: 'X-XSRF-TOKEN',
    // },
    redirect: {
      keepRequestedRoute: false,
      onLogin: '/',
      onLogout: '/auth/logout',
      onAuthOnly: '/auth/login',
      onGuestOnly: '/',
    },
    globalMiddleware: {
      enabled: true,
      allow404WithoutAuth: false,
    },
  }
})
```

Nuxt environment:

Laravel environment:

OrPh4ns commented 4 days ago

Login works only on localhost, but after uploading to the dev server with IP xx.xx.xx.x:3000 and the backend with the same IP xx.xx.xx.x:8000 it does not work.

OrPh4ns commented 4 days ago

Even on a successful login on localhost I get this message before redirecting to the home page:

The cookie "sanctum.token.cookie" does not have a valid value for the "SameSite" attribute. Soon, cookies without the "SameSite" attribute or with an invalid value for it will be treated as "Lax". This will stop the cookie from being sent to contexts belonging to a third party. If your application needs the cookie in these contexts, please add the "SameSite=None" attribute to it. For more information about the "SameSite" attribute, see https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite.

manchenkoff commented 3 days ago

Hey @OrPh4ns, it looks like you are using the HTTP protocol instead of HTTPS on your server. Please check the Laravel configuration in session.php and set secure to false. Otherwise, you have to use HTTPS for the Nuxt/Laravel applications (for your address 10.1.80.141). Also, you should not use .localhost as your SESSION_DOMAIN; sometimes it can work on localhost, but it is better to keep it empty or use a correct TLD.
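
An added example, not part of the issue thread or the module's code: a simplified model of the browser checks behind the two console messages quoted in this thread, showing why the same Secure cookie is accepted on http://localhost but rejected on a plain-HTTP IP address. The function names, the cookie value and the 192.0.2.10 and app.example.test origins are assumptions made for illustration.

```javascript
// Simplified model of the browser checks, not browser or module source code.
// Hosts treated as trustworthy over plain HTTP, so Secure cookies work there.
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Parse a Set-Cookie style string into { name, attrs } (attribute keys lowercased).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((part) => part.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: eq === -1 ? '' : pair.slice(0, eq), attrs };
}

// Decide what happens to the cookie when a page at pageUrl sets it.
function evaluateCookie(pageUrl, header) {
  const url = new URL(pageUrl);
  const { name, attrs } = parseSetCookie(header);
  const trusted = url.protocol === 'https:' || LOOPBACK_HOSTS.has(url.hostname);
  if (attrs.secure && !trusted) {
    return { name, accepted: false, sameSite: null,
      notes: ['rejected: a non-HTTPS cookie cannot be set as "secure"'] };
  }
  const notes = [];
  let sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : '';
  if (!['strict', 'lax', 'none'].includes(sameSite)) {
    sameSite = 'lax'; // the default the second console message announces
    notes.push('SameSite missing or invalid: treated as Lax');
  }
  if (sameSite === 'none' && !attrs.secure) {
    return { name, accepted: false, sameSite, notes: ['rejected: SameSite=None requires Secure'] };
  }
  return { name, accepted: true, sameSite, notes };
}

// Constructed sample: 192.0.2.10 is a documentation address standing in for the dev server.
const tokenCookie = 'sanctum.token.cookie=abc123; Path=/; Secure';
for (const origin of ['http://localhost:3000/', 'http://192.0.2.10:3000/', 'https://app.example.test/']) {
  console.log(origin, evaluateCookie(origin, tokenCookie));
}
```

The SameSite=None branch matters on an HTTP-only dev server: that value cannot be used there, because it requires Secure and Secure requires HTTPS.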