Laravel Api Csrf(xsrf) Token Not Working Between Subdomain and Domain
January 7, 2023
Laravel
If you want to submit a form from an SPA to a Laravel API, you need to send a CSRF (XSRF) token along with the request (for security purposes). However, if your SPA and API run on different hosts (a domain and one of its subdomains), you may find that the XSRF token does not work.
This is because, by default, the CSRF (XSRF) cookie is valid only for the host that set it. For example, a CSRF (XSRF) cookie sent by api.domain.com is valid only on that host. It doesn't work on domain.com.
The solution is very simple:
SESSION_DOMAIN=.domain.com
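Put the line above in your .env file. It scopes the session and XSRF cookies to domain.com and every subdomain under it, so the browser makes the XSRF cookie available to both the SPA on domain.com and the API on api.domain.com. Any other subdomain of domain.com will receive these cookies as well.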
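Why the setting works, as an added example (not code from the original article or from Laravel): a small JavaScript model of the browser's cookie domain-matching rule from RFC 6265. The hostnames blog.domain.com and notdomain.com are constructed, and the function names are hypothetical.

```javascript
// Model of how a browser scopes a cookie (RFC 6265, section 5.1.3).
// Simplified: IP-address hosts and the public-suffix check are left out.

// True when `host` equals `domain` or is a subdomain of it.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Build the stored cookie from the host that set it and its Domain attribute.
function storeCookie(setByHost, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, bound to the exact setting host.
    return { domain: setByHost.toLowerCase(), hostOnly: true };
  }
  // Browsers ignore a leading dot: ".domain.com" is treated as "domain.com".
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may only set a cookie for a domain it belongs to.
  if (!domainMatches(setByHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the browser expose this cookie to (and send it to) `host`?
function cookieVisibleTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatches(host, cookie.domain);
}

// Map each host to whether it sees a cookie set by `setByHost`.
function visibility(setByHost, domainAttr, hosts) {
  const cookie = storeCookie(setByHost, domainAttr);
  return Object.fromEntries(hosts.map((h) => [h, cookieVisibleTo(cookie, h)]));
}

// Constructed host list: the article's two hosts plus two extra cases.
const hosts = ["domain.com", "api.domain.com", "blog.domain.com", "notdomain.com"];

// Default (no SESSION_DOMAIN): only api.domain.com sees the XSRF cookie.
console.log("default:", visibility("api.domain.com", null, hosts));
// With SESSION_DOMAIN=.domain.com: the parent domain and all subdomains see it.
console.log("SESSION_DOMAIN=.domain.com:", visibility("api.domain.com", ".domain.com", hosts));
```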