manchenkoff / nuxt-auth-sanctum

Nuxt module for Laravel Sanctum authentication
https://manchenkoff.gitbook.io/nuxt-auth-sanctum/
MIT License

[Bug] User Endpoint failing in prod #80

Closed hussainabeer closed 2 months ago

hussainabeer commented 2 months ago

Describe the bug

In production, somehow when SSR is turned on, the user fetch seems to be failing with a 401 response. The weird part is that this only happens in the production env and not in dev.

To Reproduce

Steps to reproduce the behavior:

  1. Sign up route which authenticates the user
  2. On response, a refresh of the browser should get the current user and set the authenticated status
  3. When turning off ssr through nuxt config in prod, this works

Expected behavior

When the user is authenticated, it should get the current user and set the authentication status.

Module information

export default defineNuxtConfig({
    modules: ['nuxt-auth-sanctum'],

    sanctum: {
        baseUrl: process.env.API_HOST,
        origin: process.env.SANCTUM_ORIGIN,
        endpoints: {
            login: '/website/login',
            logout: '/website/logout',
            user: '/api/website/profile',
        },
        logLevel: 5,
    },
});

Nuxt environment:

Laravel environment:

// config/sanctum.php
use Laravel\Sanctum\Sanctum;

return [
    // Hosts whose requests are authenticated with the session cookie
    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
        '%s%s%s',
        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
        Sanctum::currentApplicationUrlWithPort(),
        env('FRONTEND_URL') ? ',' . parse_url(env('FRONTEND_URL'), PHP_URL_HOST) : ''
    ))),
];

// config/cors.php
return [
    'paths' => ['*'],

    'allowed_methods' => ['*'],

    'allowed_origins' => array_values(collect(array_merge([env('FRONTEND_URL', 'http://localhost:3000')], explode(",", env("CORS_ORIGINS", env('FRONTEND_URL', 'http://localhost:3000')))))->unique()->toArray()),

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true,
];

Additional context

I have censored some of the details since it's a project for a client. Any help regarding this issue is highly appreciated.

hussainabeer commented 2 months ago

Also some additional context: This endpoint is only for when the user is not authenticated. If I sign up a user (after which the authentication status fails to set, since the fetch user request is failing) and then try to sign up again, that request fails saying that the user is already authenticated.

Hope this helps

hussainabeer commented 2 months ago

My bad.... I defined the origin wrong on prod 😅 apologies.
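
The cause named in the last comment, an `origin` value that does not match the backend's stateful domains, can be checked before a deploy. The following is an added example, not part of the original thread or the module's code: a simplified JavaScript model of how Sanctum matches a request's Origin/Referer header against its stateful domain list. The function names and host names are assumptions made for illustration.

```javascript
// Added example: simplified model of Sanctum's stateful-domain matching.
// All host names used here are constructed sample values.

// Turn a stateful-domain pattern (may contain `*`) into an anchored RegExp.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$');
}

// True when a request carrying this Origin/Referer value would be treated
// as stateful, i.e. authenticated through the session cookie.
function isStatefulOrigin(origin, statefulDomains) {
  if (!origin) return false; // no Origin/Referer header: never stateful
  let domain = origin.replace(/^https?:\/\//, '');
  if (!domain.endsWith('/')) domain += '/';
  return statefulDomains
    .map((d) => d.trim())
    .filter((d) => d.length > 0) // empty entries are ignored
    .some((d) => patternToRegExp(d + '/*').test(domain));
}

// Compare the module's `origin` setting with a SANCTUM_STATEFUL_DOMAINS-style
// comma-separated list and report whether SSR requests would authenticate.
function checkSanctumOrigin(origin, statefulDomainsCsv) {
  const ok = isStatefulOrigin(origin, statefulDomainsCsv.split(','));
  return {
    origin,
    ok,
    hint: ok
      ? 'origin matches a stateful domain'
      : 'origin host[:port] is not in the stateful list; expect 401 on the user endpoint',
  };
}

// Constructed sample run: a host-only entry does not cover an origin with a port.
const sampleDomains = 'localhost,localhost:3000,app.example.test';
for (const origin of [
  'http://localhost:3000',
  'https://app.example.test',
  'https://app.example.test:8443',
]) {
  console.log(checkSanctumOrigin(origin, sampleDomains));
}
```

The port matters because the match is on `host[:port]`, while the `parse_url(..., PHP_URL_HOST)` call in the config above keeps only the host of `FRONTEND_URL`.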