Why Laravel Sanctum returns always 404 - laravel

I use Laravel with a Vue SPA. The application has been running very well for half a year.
Now, we need a new instance for further tests. The new instance is on the same server as the dev. I would like to continue to use dev and, if it works, to deploy with deployer to the test instance. So, the new root is current/public.
I deployed the application. The start page (login) works. But then, the csrf request returns a 404.
I changed the .env file to the new domain. I checked it twice.
Then I searched Google for other solutions, no way.
I cleaned cache, routes and config. No better result. I checked the store in the browser. Everything looks ok. The session cookie and also the XSRF token are there.
Is it possible that the server doesn't accept any header? It's an nginx.
Actually I have no idea where I have to search....

Related

Sanctum laravel is working fine on local, not in heroku

I have developed a front (react) and a back (php laravel) with the authentication system "sanctum". All is working fine on localhost. But I can't get it to work in production in heroku.
In the local environment, my .env is (extract):
SESSION_DRIVER=cookie
SANCTUM_STATEFUL_DOMAINS=localhost:3000,127.0.0.1:3000,localhost:8000,127.0.0.1:8000
SESSION_DOMAIN=localhost
If I have understood well, the front and back must be on the same domain for the cookies. As my back and front are hosted on Heroku (herokuapp.com), I have this .env:
But with this configuration, I always have a response 419 CSRF token mismatch.
Certainly my conf is not correct. But I tried a lot of things without success.
Edit:
The back url is: https://school-back-v2.herokuapp.com/
The front url is: https://react-protected-routes.herokuapp.com/
Heroku is blacklisted by browsers for cookie use if your site is placed on a Heroku subdomain. You can use Heroku, but you must register your own domain and use it; that resolves this problem.
Another variant: use tokens instead of cookies.

Django djoser 401/400 for creating users

I deployed a Nuxt app to Heroku, and when I am running it locally, the app is working fine. On the other hand, in production the login / register is not working; it always says 400 bad request (there is no explanation why it is a bad request) or 401 unauthorized.
When I am running the app locally, I am pointing to the backend API and it is working fine.
But when it is run on Heroku, I get the errors (400 and sometimes 401). Oddly, it worked at random times from different devices, but when I logged out and retried creating a user, I got errors.
I did not change the code.
I am not sure whether the problem is with my code or Heroku or maybe PythonAnywhere, which I am using to host my backend.
It is my first time deploying Python DRF as the backend and Nuxt as the front end.
My backend is in Python DRF.
My front-end Nuxt repo.
My DRF code backend repo.
In the Nuxt app you can see the register component with the function onSubmit, which should register the user and then log him in.
And in DRF there is an app named users_auth which has the user model CustomUser and the Todo model.
nuxt.config.js points to the same place locally and in production.

Sanctum CSRF Cookie not sent when accessing from domain

I'm trying to build an app that will consume Laravel APIs and I'm trying to use Sanctum for authentication. I've checked a whole bunch of videos and tutorials and one thing I've noticed is that they are all using localhost or 127.0.0.1 for demonstration purposes.
However, one thing I'm missing is actually figuring out how to work with the domains.
In my case, I'm using Valet to serve the Laravel app. And after configuring everything needed for Sanctum, I'm left struggling with getting the CSRF cookie when a request is sent to https://domain.test/sanctum/csrf-cookie.
In Postman I'm getting no cookies.
I started going nuts, and then I tried a simple php artisan serve and made a request to http://127.0.0.1:8000/sanctum/csrf-cookie and by magic I got the cookies.
Any explanation why this might happen will be great.
To note, I've set SESSION_DOMAIN and SANCTUM_STATEFUL_DOMAINS in my env file to include both localhost and domain.test.
You need to add the session domain in the .env file:
SESSION_DOMAIN=.domain.test
[and don't forget to add . (dot) before domain]
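The cookie scoping behind the two answers above (a Heroku subdomain, and SESSION_DOMAIN=.domain.test), as an added example that is not part of the original posts. It models the RFC 6265 domain-match and public-suffix checks a browser applies to the Domain attribute; the function names are hypothetical and PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.

```javascript
// Constructed stand-in for the Public Suffix List. Assumption: the real list
// contains herokuapp.com, which is the restriction the Heroku answer describes.
const PUBLIC_SUFFIXES = new Set(["com", "herokuapp.com"]);

// Hosts here are DNS names or IPv4 literals, optionally followed by a port.
const stripPort = (h) => h.toLowerCase().replace(/:\d+$/, "");
const isIpv4 = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// RFC 6265 section 5.1.3: identical, or host is a subdomain of domain.
function domainMatches(host, domain) {
  return host === domain || (!isIpv4(host) && host.endsWith("." + domain));
}

// What a browser does with "Set-Cookie: ...; Domain=<sessionDomain>" sent by
// apiHost. sessionDomain is the SESSION_DOMAIN value; empty means no attribute.
function cookieDecision(apiHost, sessionDomain) {
  const host = stripPort(apiHost);
  // A leading dot in the Domain attribute is ignored.
  const domain = (sessionDomain || "").toLowerCase().replace(/^\./, "");
  if (domain === "") return { stored: true, scope: "host-only", domain: host };
  if (PUBLIC_SUFFIXES.has(domain)) {
    // A cookie may not be shared across every site under a public suffix.
    return host === domain
      ? { stored: true, scope: "host-only", domain: host }
      : { stored: false, reason: "public-suffix" };
  }
  if (!domainMatches(host, domain)) {
    return { stored: false, reason: "domain-mismatch" };
  }
  return { stored: true, scope: "domain", domain };
}

// Can script on spaHost read XSRF-TOKEN from document.cookie in order to send
// it back in the X-XSRF-TOKEN header? Cookies are keyed by host, not by port.
function spaCanReadXsrf(spaHost, apiHost, sessionDomain) {
  const d = cookieDecision(apiHost, sessionDomain);
  if (!d.stored) return false;
  const spa = stripPort(spaHost);
  return d.scope === "host-only"
    ? spa === d.domain
    : domainMatches(spa, d.domain);
}
```

With the two herokuapp.com hosts from the question above, no SESSION_DOMAIN value makes spaCanReadXsrf return true, while a shared registrable domain such as .domain.test does.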

Sentry Cookie not attaching

I am working on a Laravel 4 application and using Sentry for authentication. I need to add Keep Me Logged In functionality to my application. I have googled around and found that passing a second variable to Sentry::login($user, $remember) sets up a cookie. I have done that and can verify that it is working from the browser (Chrome). But somehow whenever I try Sentry::check() after a day it returns null for cookies, even when the cookie is present in the browser. Can anyone point out what I am doing wrong? The same happens when I attach my custom cookie to the response.
This scenario happens on my production server. Whereas it works fine on my local server.
PS: Lifetime of the cookie is set to forever (5 Years)
After working on the issue for some time I was finally able to resolve it by creating and attaching a custom cookie to the response after login. I then wrote a middleware to check for that cookie. If it is present, log in the user and continue.

Laravel 5 url.intended broken when session driver is set to cookie

Our Laravel 5.1 application has been using the "native" session driver setting (configured in the .env file). With it set this way, we were able to use the laravel url.intended behavior to redirect the user to the url they were attempting to access prior to being authenticated.
We had to change it to "cookie" because every time we use Amazon's Opsworks system to deploy a new build, users were logged out because their server-side session files were no longer available. Once we changed it to cookie, the users remain logged in even when we deploy a hotfix or new build.
However, with it set to cookie, the url.intended does not work at all. I tried hacking together some solution by adding a custom url intended node, but it just won't work. It seems like when the user attempts to access a url prior to being logged in, it sets the session info, but then the application redirects the user to the login page where it's getting nulled out.
I'm using Debugbar to look at the session vars and I'm going crazy. I'm already bald so I have no more hair to pull out.
Does anyone have any ideas?
We ended up setting up a Dynamo database at first and then transitioned to Redis on a common server. We have a load balancer and don't want sessions getting lost or corrupted by switching servers so all cache is now being stored in that common location.
