Laravel/VueJs Sanctum CSRF mismatch when deployed - laravel

Can't seem to work out why I keep getting CSRF token mismatch with my deployed app. On local using valet it's working fine.
The backend and frontend are on 2 different servers but they share the same subdomain so surely this should work?
My local .env contains the following:
SESSION_DOMAIN=.rss.test
SANCTUM_STATEFUL_DOMAINS=front.rss.test:3001
My live .env contains the following:
SESSION_DOMAIN=.dally.tech
SANCTUM_STATEFUL_DOMAINS=rss.dally.tech
The API is sat on the domain:
rss-api.dally.tech
Really confused why this isn't working.

Related

Laravel Breeze Next and Sanctum Token Mismatch

First of all, this works fine when I run it on localhost, but when I try to deploy it to my production server, the token mismatch issue appears when I try to log in.
I have already configured the FRONTEND_URL

Sanctum Laravel is working fine on local, not on Heroku

I have developed a front end (React) and a back end (PHP Laravel) with the authentication system "Sanctum". Everything works fine on localhost, but I can't get it to work in production on Heroku.
In the local environment, my .env is (extract):
SESSION_DRIVER=cookie
SANCTUM_STATEFUL_DOMAINS=localhost:3000,127.0.0.1:3000,localhost:8000,127.0.0.1:8000
SESSION_DOMAIN=localhost
If I have understood correctly, the front end and back end must be on the same domain for the cookies. As my back end and front end are hosted on Heroku (herokuapp.com), I have these .env :
But with this configuration, I always get a 419 CSRF token mismatch response.
My configuration is certainly not correct, but I have tried a lot of things without success.
Edit:
The back url is: https://school-back-v2.herokuapp.com/
The front url is: https://react-protected-routes.herokuapp.com/
Heroku is blacklisted by browsers for cookie use if your site is placed on a Heroku subdomain. You can use Heroku, but you must register your own domain and use it; that resolves this problem.
Another option: use tokens instead of cookies.

Nuxt.js, Laravel, token is not provided

I'm learning Nuxt.js and Laravel. I have been building an API with Laravel and the front end with Nuxt.js. When I work on localhost everything works fine, but when I upload my API to a remote server, the error {"error":"Token is no provided"} appears in my Nuxt app. This only happens when the API is on the remote server.
My Nuxt config looks like this
Everything works fine on localhost, but not on the remote server, and I can hardly find any information about it on the internet. Thanks.
In my Laravel authController I have this

Django djoser 401/400 for creating users

I deployed a Nuxt app to Heroku. When I run it locally, the app works fine. In production, on the other hand, login / register does not work: it always says 400 bad request (with no explanation of why it is a bad request) or 401 unauthorized.
When I run the app locally, I point it to the backend API and it works fine.
But when it is run on Heroku, I get the errors (400 and sometimes 401). Oddly, it has worked like three random times from different devices, but when I logged out and retried creating a user, I got errors.
I did not change the code.
I am not sure whether the problem is with my code, Heroku, or maybe PythonAnywhere, which I am using to host my backend.
It is my first time deploying Python DRF as the backend and Nuxt as the front end.
My backend is in Python DRF.
My front-end nuxt repo nuxt repo
My DRF code backend repo.
In the Nuxt app you can see the register component with the function onSubmit, which should register the user and then log them in.
In DRF there is an app named users_auth, which has the user model as CustomUser and the Todo model.
nuxt.config.js points to the same place locally and in production.

Sanctum CSRF Cookie not sent when accessing from domain

I'm trying to build an app that will consume Laravel APIs, and I'm trying to use Sanctum for authentication. I've checked a whole bunch of videos and tutorials, and one thing I've noticed is that they all use localhost or 127.0.0.1 for demonstration purposes.
However, one thing I'm missing is how to actually work with domains.
In my case, I'm using Valet to serve the Laravel app. After configuring everything needed for Sanctum, I'm left struggling to get the CSRF cookie when a request is sent to https://domain.test/sanctum/csrf-cookie.
In Postman I'm getting no cookies.
I started going nuts, and then I tried a simple php artisan serve and made a request to http://127.0.0.1:8000/sanctum/csrf-cookie, and by magic I got the cookies.
Any explanation of why this might happen would be great.
To note, I've set SESSION_DOMAIN and SANCTUM_STATEFUL_DOMAINS in my env file to include both localhost and domain.test.
You need to add the session domain in the .env file:
SESSION_DOMAIN=.domain.test
[and don't forget to add . (dot) before domain]
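
As an added example (not code from any of the posts above, and not Sanctum's own code), this Node.js script checks the SESSION_DOMAIN and SANCTUM_STATEFUL_DOMAINS values discussed in the questions and answers above against the browser's cookie-domain rules. The frontend origins, the https scheme, the Heroku .env values and the names diagnose, domainMatches and PUBLIC_SUFFIXES are assumptions.

```javascript
// Added example, not from the original posts. PUBLIC_SUFFIXES is a tiny
// constructed excerpt of the Public Suffix List, enough for the hosts above.
const PUBLIC_SUFFIXES = new Set(["com", "tech", "herokuapp.com"]);

// RFC 6265 domain-match: host equals the cookie domain or is a subdomain of it.
const domainMatches = (host, cookieDomain) =>
  host === cookieDomain || host.endsWith("." + cookieDomain);

function diagnose({ sessionDomain, statefulDomains, frontendOrigin, apiOrigin }) {
  const problems = [];
  const front = new URL(frontendOrigin);
  const api = new URL(apiOrigin);

  // SESSION_DOMAIN becomes the Domain attribute of the session and XSRF-TOKEN
  // cookies, so it has to be exactly one domain.
  const raw = sessionDomain.trim().toLowerCase();
  if (/[,\s]/.test(raw)) {
    problems.push("SESSION_DOMAIN_IS_A_LIST");
  } else {
    const cookieDomain = raw.replace(/^\./, "");
    // Browsers refuse cookies scoped to a public suffix such as herokuapp.com.
    if (PUBLIC_SUFFIXES.has(cookieDomain)) problems.push("COOKIE_DOMAIN_IS_PUBLIC_SUFFIX");
    // The API can only set a cookie for its own host or a parent of it.
    if (!domainMatches(api.hostname, cookieDomain)) problems.push("API_OUTSIDE_COOKIE_DOMAIN");
    // The SPA must be able to read XSRF-TOKEN to echo it in X-XSRF-TOKEN.
    if (!domainMatches(front.hostname, cookieDomain)) problems.push("FRONTEND_OUTSIDE_COOKIE_DOMAIN");
  }

  // Simplified model of Sanctum's stateful check (assumption: exact host[:port]
  // match against the Origin/Referer host; wildcard entries are not modelled).
  const stateful = statefulDomains.split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  if (!stateful.includes(front.host)) problems.push("FRONTEND_NOT_IN_STATEFUL_DOMAINS");
  return problems;
}

// Constructed inputs; the frontend origin and https scheme are assumptions.
const live = { sessionDomain: ".dally.tech", statefulDomains: "rss.dally.tech",
  frontendOrigin: "https://rss.dally.tech", apiOrigin: "https://rss-api.dally.tech" };
// Hypothetical Heroku settings (the post's own values are not shown).
const heroku = { sessionDomain: ".herokuapp.com",
  statefulDomains: "react-protected-routes.herokuapp.com",
  frontendOrigin: "https://react-protected-routes.herokuapp.com",
  apiOrigin: "https://school-back-v2.herokuapp.com" };

console.log(diagnose(live));   // []
console.log(diagnose(heroku)); // [ 'COOKIE_DOMAIN_IS_PUBLIC_SUFFIX' ]
```

An empty result means only that these settings are consistent with each other; it does not rule out other causes of a 419 response.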
