Sanctum 3.2.4 causes CSRF token mismatch error #444
Comments
I have the same problem with a Laravel 10 REST API. How to resolve the problem?

```php
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
    '%s%s',
    'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
    Sanctum::currentApplicationUrlWithPort()
)))
```

In .env define
Please try 3.2.5.
I've just updated to 3.2.5 and it appears to be working at first glance. I'd like to keep this issue open for a few days for observations. @taylorotwell What do the newest changes around middleware solve? We've noticed several implementations and rollbacks recently on this - just curious what this change is?
@sts-ryan-holton thanks for confirming that. If it solves your issue then there's no reason to keep this open.
I have the same problem. Frontend: http://localhost:3000 How to solve this problem?
Sanctum Version
3.2.4
Laravel Version
10.9.0
PHP Version
8.1.13
Database Driver & Version
MySQL 8.x
Description
After upgrading from 3.2.3 to 3.2.4 and making no configuration changes to my project, making POST requests to my API endpoints throws a "CSRF token mismatch." error. When simply downgrading back to 3.2.3 everything works as intended.
It's noted that I'm working on `localhost`.
It looks like this function in a recent change is responsible, and after some debugging of it myself, the returned `$domain` value appears to be giving the following value when working on localhost:
Note the trailing slash. I think this is causing something to break in validating the token since my `SESSION_DOMAIN` value is just "localhost".
Error...
Steps To Reproduce
`host` variable set as "localhost"
Additional context
Weirdly, on 3.2.4 the token mismatch error was only ever thrown on `POST` requests to the store action. `GET` requests to other actions continued to work.
For now I've downgraded a version.
There's no notes listed in the upgrade file.
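
A diagnostic for the mismatch the report describes, as an added example that is not Sanctum's code or the reporter's: it compares a derived domain string against the session cookie domain using the RFC 6265 domain-match rule, before and after reducing the string to a bare host. The sample values are constructed (the value the reporter observed is not shown on this page), and `bareHost` and `domainMatches` are hypothetical helper names.

```php
<?php
// Added example, not Sanctum's code. Sample inputs are constructed.

/** Reduce a URL or host[:port][/path] string to a bare lowercase host. */
function bareHost(string $value): string
{
    $value = trim($value);
    // parse_url() only reports a host when a scheme or leading "//" is present.
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $value)) {
        $value = '//' . $value;
    }
    $host = parse_url($value, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        throw new InvalidArgumentException("No host found in '{$value}'");
    }
    return strtolower($host);
}

/** RFC 6265 section 5.1.3: does $host domain-match the cookie Domain value? */
function domainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.'));
    if ($host === $cookieDomain) {
        return true;
    }
    // Suffix matching applies to host names only, never to IP literals.
    if ($cookieDomain === '' || filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    return str_ends_with($host, '.' . $cookieDomain);
}

$sessionDomain = 'localhost'; // SESSION_DOMAIN as stated in the report
// Constructed samples; the value the reporter observed is not shown on this page.
$derived = ['localhost/', 'http://localhost:3000/', 'localhost', 'api.localhost/'];

foreach ($derived as $raw) {
    printf(
        "%-24s as-is: %-5s bare host: %s\n",
        $raw,
        var_export(domainMatches($raw, $sessionDomain), true),
        var_export(domainMatches(bareHost($raw), $sessionDomain), true)
    );
}
```

Of the four samples, only the bare `localhost` matches as-is; all four match once reduced to a bare host.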