2

I'm attempting to login a user using axios.

Front-end: React / Axios running on http://192.168.1.63:3000
Back-end: Laravel 8 running on http://192.168.1.63:8000

Before logging in I make a request on GET http://192.168.1.63:8000/sanctum/csrf-cookie in the result I can see that a cookie is set:
Set-Cookie: XSRF-TOKEN=eyJ...joiIn0%3D; expires=Tue, 25-Jan-2022 17:36:07 GMT; Max-Age=7200; path=/; domain=192.168.1.63; samesite=lax If I go to the cookie store I can also see it.

However when I do the following request: POST http://192.168.1.63:8000/api/backoffice/login Laravel returns a "CSRF token mismatch." error despite the fact that the token seems to be correctly sent in the headers:
X-XSRF-TOKEN: eyJ...joiIn0=

I've noticed that %3D is now = but this looks like correct behaviour when encoding.

My cors.php looks like this.

'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true
Philou
  • 67
  • 1
  • 10
  • 1
    XSRF vs CSRF: https://stackoverflow.com/questions/34782493/difference-between-csrf-and-x-csrf-token – Gert B. Jan 25 '22 at 15:58
  • Were you able to find a solution? Stuck on something very similar where I'm gettings a CORS mismatch error – Riza Khan Jul 01 '22 at 14:53

0 Answers0