blog cover

Laravel Api Csrf(xsrf) Token Not Working Between Subdomain and Domain

January 7, 2023

If you want to submit a form to the laravel api from a spa application, you need to submit a csrf(xsrf) token to the api (for security purposes). However, if your spa and api applications are in different domains (domain-subdomain), you may encounter the problem of xsrf token not working.

This is because the csrf(xsrf) cookie cannot be valid in different domain. For example: csrf(xsrf) cookie sent by is valid only in this domain. It doesn't work on

The solution is very simple:

You can put the code above in your .env  file