Open ggolda opened 4 years ago
It doesn't work if Broadcast::routes(['middleware' => 'auth:sanctum']);
is inside api.php
(with changed authEndpoint
to point to api/v1/broadcasting/auth
.
But works with a default configuration, when routes are inside web.php
and with default authEndpoint
.
@tlaverdure I found a problem with cookie decryption and Laravel Sanctum: https://github.com/laravel/sanctum/issues/122
In case if they wont fix it, it's worth adding a section how to use laravel-echo-server
with Sanctum:
window.Echo = new Echo({
broadcaster: 'socket.io',
host: window.location.hostname,
auth: {
headers: {
'Referer': window.location.hostname
}
}
});
Without Referer
header all private channel authorization attempts got declined because Sanctum doesn't apply middleware that decrypts tokens and session id is invalid in this case.
@tlaverdure I found a problem with cookie decryption and Laravel Sanctum: laravel/sanctum#122
In case if they wont fix it, it's worth adding a section how to use
laravel-echo-server
with Sanctum:window.Echo = new Echo({ broadcaster: 'socket.io', host: window.location.hostname, auth: { headers: { 'Referer': window.location.hostname } } });
Without
Referer
header all private channel authorization attempts got declined because Sanctum doesn't apply middleware that decrypts tokens and session id is invalid in this case.
how can i use this in a vue project? how can i configure there?
Sanctum + Echo is definitely poorly documented at the moment.
I had the same issue, but my setup is slightly different. I have both laravel and echo dockerized. Nevertheless, after 1 full day of investigation the following config item helped me to solve the private channel connection issue:
auth: { headers: { 'origin': 'localhost' }}
.
Again, in my case both laravel and echo are sharing the same host.
And yes, Broadcast::routes
middleware should include api
in any case, otherwise Laravel is not able to derive a session from cookies.
Does it work with laravel sanctum? https://laravel.com/docs/7.x/sanctum#authorizing-private-broadcast-channels
laravel-echo-server throws 401 when I'm trying to authenticate private channels.