osama Abdullah
Reputation: 321
cookies are not set if you send request from different domain
Sanctum Version: 2.11.2
Laravel Version: 8.55.0
PHP Version: 7.4.20
Laravel is running on: http://127.0.0.1:8000
front end (vue) is running on: http://localhost:3000
I put all following in my .env file
COOKIE_SAME_SITE_POLICY=strict
SESSION_SECURE_COOKIE=false
SESSION_DOMAIN='.127.0.0.1'
SANCTUM_STATEFUL_DOMAINS='.localhost,.localhost:3000,127.0.0.1,127.0.0.1:8000,::1'
When I'm trying to authenticate from a different domain it gives 419 error CSRF token mismatch, the first request "http://127.0.0.1:8000/sanctum/csrf-cookie" which must set the cookies does not set anything however if I try the same request inside laravel instance it sets the cookies and works as expected
how every the same request sets the cookies successfully in postman
Steps To Reproduce:
- install laravel "composer create-project laravel/laravel sanctum"
- change
'supports_credentials' => false,to'supports_credentials' => true,from /config/cors.php - set up the vue app on "http://localhost:3000" and send a request to "http://127.0.0.1:8000/sanctum/csrf-cookie" and it will not set the cookies.
Upvotes: 0
Views: 838
Answers (1)
user15118945
Reputation:
You cannot set a cookie for a different domain for security reasons
Upvotes: 1
Related Questions
- Laravel Cookies rejected for invalid domain
- Laravel sanctum SPA - This set-cookie domain attribute was invalid with regards to the current host url
- Laravel shared cookie detection issue in domain and subdomain
- Laravel set cookie not working
- Cookies not working in Laravel?
- Sanctum CSRF Cookie not sent when accessing from domain
- CSRF Cookies Not Set for Cross Domain Requests using Laravel Sanctum and Angular
- Laravel REST Api not sending cookies to different domain?
- Laravel Cookies on test domain
- Session/cookie error when having multiple instance of Laravel in the same domain