I've built a small web app locally using Laravel 8 Sanctum and Vue.

Both locally and on the prod server I'm using Docker so everything is the same. The code is running on a subdomain, sub.my-domain.com.

All works fine locally.

The issue I have is when running the code on live server.

I first send a request to /sanctum/csrf-cookie which returns a 204 response code but no cookies are set. This is where the issue is, I believe, as when running this locally the XSRF-TOKEN is set.

Login method within Vuex:

    login: function ({ commit }, data) {
      axios.get('/sanctum/csrf-cookie', { withCredentials: true })
        .then(response => {
          axios.post('api/login', {
            email: data.email,
            password: data.password
          })
            .then(response => {
              if (response.data.success) {
                commit('setUser', response.data);
                // router.go('/sales-dashboard')

              } else {
                console.log(response.data.message)
              }
            })
            .catch(function (error) {
              console.error(error);
            });
        })
    },

.env

    SESSION_DRIVER=cookie
    SANCTUM_STATEFUL_DOMAINS=my-domain.com
    SESSION_DOMAIN=.my-domain.com
    SESSION_LIFETIME=120
    SESSION_SECURE_COOKIE=false;

config/sanctum.php

    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
        '%s%s',
        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1,.my-domain.com, sub.my-domain.com',
        env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
    ))),

I'm not sure where I'm going wrong as it all works fine locally so it must be something to do with the config.

To clarify, the actual login endpoint works fine. But when going to a route behind the sanctum middleware I get an unauthenticated message.

Please let me know where I'm going wrong

Thank you

TEster
  • Update. This particular issue was caused by CORS not being set correctly. Look at your session.php file and investigate your set cookies in the network tab of inspector tools, which helped me debug. I now have the cookies being set, BUT I'm still getting unauthenticated errors for routes using sanctum middleware. – TEster Apr 18 '22 at 18:18
  • It is curious to see how your sanctum.php stateful variable does not include the frontend URL. In Laravel 10 the sprintf() has 3 parameters to include it. – jgarcias Aug 18 '23 at 00:51

1 Answer

The issue was down to CORS and the sanctum set up.

2 things to check if you face a similar issue.

1 - CORS - Check your session.php file and if you're not using SSL set secure to false and make sure same_site is lax.

2 - Sanctum config - Check sanctum.php and make sure your domain is part of the stateful key (I use a subdomain, so I used sub.domain.com (no port or protocol)). Also check your .env and check

    SESSION_DRIVER=cookie
    SANCTUM_STATEFUL_DOMAINS=sub.domain.com
    SESSION_DOMAIN=.domain.com

The leading . on SESSION_DOMAIN is a wildcard I believe.

Once all this was done it was all working.

TEster
  • Another thing to check here is if you're using axios. Make sure you're doing the following before any request: `axios.defaults.withCredentials = true;` – TEster Mar 12 '23 at 14:19
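
The cookie checks named in the answer above (secure, same_site, SESSION_DOMAIN), as an added example that is not part of the original posts: it takes a Set-Cookie header copied from the network tab and reports why a browser would discard it for the responding URL. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: explain why a browser would discard a Set-Cookie header.
// Function names and sample headers are hypothetical, not from a real server.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// RFC 6265 domain-match: host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  const d = domain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

function cookieProblems(setCookieHeader, responseUrl) {
  const url = new URL(responseUrl);
  const { name, attrs } = parseSetCookie(setCookieHeader);
  const problems = [];
  const sameSite = String(attrs.samesite || '').toLowerCase();
  // Secure cookies are only stored when the response came over HTTPS.
  if (attrs.secure && url.protocol !== 'https:')
    problems.push(`${name}: Secure cookie set over ${url.protocol}//`);
  // The Domain attribute must cover the host that sent the response.
  if (typeof attrs.domain === 'string' && !domainMatches(url.hostname, attrs.domain))
    problems.push(`${name}: Domain=${attrs.domain} does not cover ${url.hostname}`);
  if (sameSite === 'none' && !attrs.secure)
    problems.push(`${name}: SameSite=None requires Secure`);
  return problems;
}

// Constructed Set-Cookie samples for a response from http://sub.my-domain.com
const samples = [
  'XSRF-TOKEN=abc; path=/; domain=.my-domain.com; samesite=lax',
  'XSRF-TOKEN=abc; path=/; domain=.my-domain.com; secure; samesite=lax',
  'XSRF-TOKEN=abc; path=/; domain=.other-domain.com; samesite=lax',
  'XSRF-TOKEN=abc; path=/; samesite=none',
];
for (const s of samples)
  console.log(cookieProblems(s, 'http://sub.my-domain.com/sanctum/csrf-cookie'));
```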