Closed tobeycodes closed 3 years ago
I also noticed that the CSRF token is not being set as a cookie on the response like normal api routers are, but perhaps that is intentional.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
I found the solution. It appears that I was incorrectly spelling the header name X-XSRF-TOKEN
. Sorry
Describe the bug
On a new install of Laravel v8 with Lighthouse installed I am getting a
CSRF token mismatch.
error on all graphql requests.Steps to reproduce
I have confirmed that the xsrf token is being sent with requests in the browser. API methods outside of graphql are working and I am able to authenticate with Laravel Fortify as well.
I have tried to following the documentation exactly as shown here https://lighthouse-php.com/5.1/security/authentication.html#attemptauthentication-middleware
Lighthouse Version