Jordy

Reputation: 4809

Cookies in Lumen

Since the last version (5.2), cookies are disabled in Lumen. I'm currently making an API in Lumen with JWT authentication.

To secure my application from CSRF attacks I need to set a CSRF cookie. But what is the best way to handle that now?

Upvotes: 1

Views: 2655

Answers (1)

Lucas Silva

Reputation: 1411

VerifyCsrfToken Middleware was removed in this commit.

From Lumen 5.2 documentation:

Lumen 5.2 represents a more decided shift towards focusing on stateless APIs.

So, if you need CSRF token verification, you have to implement it by storing the token in a meta tag or inside a JWT payload as a private claim (you will need to implement the new claim, i.e.: here).

If it was removed, there's probably a good reason. Here are some links that may help you move on.

CSRF Token necessary when using Stateless(= Sessionless) Authentication?

Where to store JWT in browser? How to protect against CSRF?

https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage#post-2748616172

Upvotes: 2
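
The private-claim approach from the answer above, as an added example that is not part of the original answer, of Lumen, or of any JWT package. It assumes the JWT travels in a cookie the browser attaches automatically and that the client echoes the CSRF value in a request header; `issueToken`, `verifyRequest`, the `csrf` claim name and the sample user id are hypothetical.

```php
<?php
// Added example. HS256 is hand-rolled so the block runs without Composer;
// a maintained JWT library would replace b64url/hash_hmac in a real project.
function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad);
}

// Login: returns [jwt, csrf]. The JWT goes into the cookie; the CSRF value
// goes into the response body so only same-origin script can read it.
function issueToken(string $userId, string $key, int $ttl = 900): array {
    $csrf = bin2hex(random_bytes(32));
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(
        ['sub' => $userId, 'exp' => time() + $ttl, 'csrf' => $csrf]
    ));
    $sig = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    return ["$head.$body.$sig", $csrf];
}

// Per request: returns the claims, or null when the request must be rejected.
function verifyRequest(string $jwt, ?string $csrfHeader, string $key): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    // The algorithm is fixed here; the token's own "alg" field is never trusted.
    $expected = b64url(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) return null;
    $claims = json_decode(b64urlDecode($body), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) < time()) return null;
    // CSRF check: the header value must equal the claim inside the signed token.
    if (!is_string($csrfHeader) || !isset($claims['csrf'])) return null;
    if (!hash_equals((string) $claims['csrf'], $csrfHeader)) return null;
    return $claims;
}

$key = random_bytes(32);                         // constructed demo key
[$jwt, $csrf] = issueToken('user-42', $key);     // constructed user id
var_dump(verifyRequest($jwt, $csrf, $key) !== null);               // header echoes the claim
var_dump(verifyRequest($jwt, null, $key) !== null);                // cookie attached, header absent
var_dump(verifyRequest($jwt, str_repeat('0', 64), $key) !== null); // header does not match claim
```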
