Closed benjaminhaeberli closed 8 months ago
Same here
I find a solution @LuccaRomanelli. I added two environment variables :
baseUrl
is equal to http://admin.nanou.test
Referer
is equal to app.nanou.test:5173
I added three collections headers :
Accept
= application/json
Referer
= {{Referer}}
X-XSRF-TOKEN
= {{X-XSRF-TOKEN}}
Then I added a POST request to {{baseUrl}}/login
with just email and
password
in the body.
And finally I created a separate GET request to {{baseUrl}}/sanctum/csrf-cookie
with this Post Response script :
const setCookieHeader = res.headers.get('set-cookie')[0];
const xsrfTokenMatch = setCookieHeader.match(/XSRF-TOKEN=([^;]+)/);
const xsrfToken = decodeURIComponent(xsrfTokenMatch[1]);
bru.setEnvVar('X-XSRF-TOKEN',xsrfToken);
Now it works 🥳 I just have to run the "CRSF" request manually once before run the other requests.
Small addition, in a recent project I needed to change the first line to:
const setCookieHeader = res.headers['set-cookie'][0];
to make it work. Tested with bruno v1.27.0
Hi guys ! First of all, thanks for this amazing tool that I truly want to use as a Postman alternative. The fact that this is versionable is amazing 👌
I wanted to use Bruno for a new Laravel API I'm working on, but I struggled a lot with scripting to automatically retrieve the XSRF-TOKEN that is generated by Laravel Sanctum (https://laravel.com/docs/10.x/sanctum#spa-authentication).
Here is the script I writed. In the console it looks fine, the token is correct, but something goes wrong when Bruno send the request because I don't get anything on my back-end side OR I get the token without the last "=" character :
The headers are these one
Accept: application/json, Referer: app.nanou.test, Access-Control-Allow-Credentials: true
. I then tried to replicate the same script in Postman with the same headers and it works, I don't know why. Is this a bug from Bruno or did I make something wrong ?