tlaverdure / laravel-echo-server

Socket.io server for Laravel Echo
MIT License
2.65k stars 512 forks

Sanctum SPA Authentication (CSRF protection) got HTTP status 401 #548

Open anwarx4u opened 4 years ago

anwarx4u commented 4 years ago

Describe the bug

Hi all, I am using the Sanctum SPA Authentication (CSRF protection) system for my application Authentication. It is working well. But I am unable to authenticate broadcasting.

The following process is being used:

Middleware : Broadcast::routes(['middleware' => ['auth:sanctum']]);

laravel-echo-server.json


{
    "authHost": "https://web.test",
    "authEndpoint": "/broadcasting/auth",
    "clients": [],
    "database": "redis",
    "databaseConfig": {
        "redis": {},
        "sqlite": {
            "databasePath": "/database/laravel-echo-server.sqlite"
        }
    },
    "devMode": true,
    "host": null,
    "port": "6002",
    "protocol": "https",
    "socketio": {},
    "secureOptions": 67108864,
    "sslCertPath": "/Users/macbook/.config/valet/Certificates/web.test.crt",
    "sslKeyPath": "/Users/macbook/.config/valet/Certificates/web.test.key",
    "sslCertChainPath": "/Users/macbook/.config/valet/Certificates/web.test.csr",
    "sslPassphrase": "",
    "subscribers": {
        "http": true,
        "redis": true
    },
    "apiOriginAllow": {
        "allowCors": true,
        "allowOrigin": "",
        "allowMethods": "",
        "allowHeaders": "Origin, Content-Type, X-Auth-Token, X-Requested-With, Accept, Authorization, X-CSRF-TOKEN, X-Socket-Id"
    }
}

Bootstrap.js

import Echo from 'laravel-echo';
window.io = require('socket.io-client');

var lv_echo_port = process.env.MIX_LARAVEL_ECHO_PORT ? process.env.MIX_LARAVEL_ECHO_PORT : 6001;
window.Echo = new Echo({
    broadcaster: "socket.io",
    host: window.location.hostname + ":"+ lv_echo_port,
    withCredentials: true,
    auth: {
        headers: {
            'Referer': window.location.hostname
        }
    },
});

Error laravel-echo-server start

I am getting the following errors when I run the above command

image

Am I doing something wrong? Please suggest me regarding this..

Thanks in advance.

Anwar

HalfBottleOfMind commented 4 years ago

Hi, try Broadcast::routes(['middleware' => ['web']]);. Don't know why, but it helps for me.

anwarx4u commented 4 years ago

@HalfBottleOfMind

Yea, I knew it would work!
Actually, the "web" middleware does not check users' authentication. It works only on public channels. That's why there are no 401/403 errors! But I have some broadcasting channels which require authentication and authorization.

So, I need an authentication middleware, which is already mentioned in the Laravel docs.

anwarx4u commented 4 years ago

@tlaverdure @taylorotwell

Can you help me regarding this, please

Ken-vdE commented 3 years ago

bump

martio commented 3 years ago

Try: Broadcast::routes(['middleware' => ['api', 'auth:sanctum']]);

Naghal commented 1 year ago

I have the same issue, have you got it working?

Edit: I moved my Broadcast::routes(['middleware' => ['auth:sanctum']]); to api.php instead of the BroadcastServiceProvider and it all works now.
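
Added example, not part of the thread and not code from laravel-echo-server or Sanctum: a sketch that models the auth request forwarded to /broadcasting/auth and lists the conditions under which Sanctum's cookie-based SPA authentication would answer 401. The function names, the sample cookie, the stateful-domain list, and the modelled forwarding and matching rules are assumptions.

```javascript
// Added diagnostic sketch; not laravel-echo-server or Sanctum code. Names are hypothetical.

// Assumption: the echo server POSTs to authHost + authEndpoint with the client's
// auth.headers plus the cookie from the socket handshake.
function buildAuthRequest(config, clientAuthHeaders, handshakeCookie) {
  const headers = { ...clientAuthHeaders };
  if (!headers.Cookie && handshakeCookie) headers.Cookie = handshakeCookie;
  headers['X-Requested-With'] = 'XMLHttpRequest';
  return { url: config.authHost + config.authEndpoint, headers };
}

// Assumption: Sanctum treats a request as coming from the SPA when Referer or
// Origin, with the scheme stripped, starts with a configured stateful domain
// (domains without wildcards only).
function fromStatefulFrontend(headers, statefulDomains) {
  const raw = headers.Referer || headers.Origin;
  if (!raw) return false;
  let domain = raw.replace(/^https?:\/\//, '');
  if (!domain.endsWith('/')) domain += '/';
  return statefulDomains
    .map((d) => d.trim())
    .some((d) => d !== '' && domain.startsWith(d + '/'));
}

// Assumption: 'web' starts the session itself; 'api' does so only when Sanctum's
// stateful-frontend middleware is registered in that group.
function diagnose(request, routeMiddleware, statefulDomains) {
  const findings = [];
  if (!request.headers.Cookie) findings.push('no session cookie forwarded');
  if (!fromStatefulFrontend(request.headers, statefulDomains)) {
    findings.push('Referer/Origin not in stateful domains');
  }
  if (!routeMiddleware.includes('web') && !routeMiddleware.includes('api')) {
    findings.push('no middleware group starts the session');
  }
  return findings;
}

// Constructed sample values modelled on the configuration posted in the issue.
const config = { authHost: 'https://web.test', authEndpoint: '/broadcasting/auth' };
const request = buildAuthRequest(config, { Referer: 'web.test' }, 'laravel_session=constructed');
console.log(request.url);
console.log(diagnose(request, ['auth:sanctum'], ['web.test']));
console.log(diagnose(request, ['api', 'auth:sanctum'], ['web.test']));
```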