serkandyck
commented
6 years ago İf you use api route for form operation, you not need csrf_token, and i think best practice in laravel build one page framework use api route
Closed tonskey closed 6 years ago
serkandyck
commented
6 years ago İf you use api route for form operation, you not need csrf_token, and i think best practice in laravel build one page framework use api route
rodrigopedra
commented
6 years ago As per the documentation, if using Laravel Passport one should always send a CSRF token when consuming the api from the own server.
https://laravel.com/docs/5.6/passport#consuming-your-api-with-javascript
I came here for tips on how to inject csrf while in dev mode. If any of you have an suggestion I appreciate
wishinghand
commented
6 years ago I'm running into the same issue as @antonVl and @rodrigopedra. In our main Blade template we had this line: <meta name="csrf-token" content="{{ csrf_token() }}"> and now with the npm run build command it gets overwritten as an HTML file.
tonskey
commented
6 years ago Hi @wishinghan , if you create spa, the best solution is using laravel passport or something like this. I mean, simple api auth, because you token take care about csrf attack. csrf_token() you can use in simple server application
Hi, in prod mode we can just add meta tag with csrf_token() as value to our frontend/index.html. But how to get token in dev mode without php?