Reputation: 1812
How to pass a CSRF token safely to a separate VueJS frontend?
Laravel(backend) and VueJS(frontend created with Vue CLI) are separated, hence have different domains and repositories. I am wondering what is the best way to pass a CSRF token from Laravel to VueJS safely.
I've found some old questions here and on Laracasts but they are either irrelevant, outdated or have no answer. Here are a few:
Pass csrf token from Laravel to Vue
Creating a sign up token for Laravel app from separate frontend app
(Laracasts forum) CSRF in separate angular app
I am aware that Laravel ships with $except array in VerifyCSRFToken middleware. Adding frontend's URL to this list will create a security flaw, am I correct?
Upvotes: 1
Views: 1856
Answers (1)
Reputation: 11093
In case of using a standalone application (vue, react, angular ....) the best solution is to use Laravel Passport instead of using CSRF tokens.
Upvotes: 2
Related Questions
- Csrf token in vue component
- How to pass laravel CSRF token value to vue
- How to retrieve laravel CSRF token using separated vue frontend
- csrf_token of Django into Vuejs when seperate them
- laravel 5 vue.js csrf token
- How to Pass CSRF token with AJAX request Laravel + Vue.js
- generate dynamic csrf-token for laravel SPA
- How can I create and match CSRF token in vue 2 app and laravel
- how to use laravel csrf token inside vuejs component
- CSRF token using SPA