1

Im building a system with two domains (sub1.domain.com and sub2.domain.com). These two domains use the exact same system. The only reason i use two domains is because of the name to make things more clear for the users.

On sub1.domain.com everything works fine, but on sub2.domain.com i get a CSRF TokenMismatch error.

I've tried to implement CORS in two different ways, making my own middleware and using a standard composer package for laravel. Those two solutions do not seem to work.

I also tried to define a domain in config/session.php. (sub-domains and top-level domain). But when i tried that, the whole login stopped working and i was redirected back to the login page without a message. (I did received a error message when used wrong credentials)

Some ideas?

Thanks in advance!

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Kevin Pijning
  • 11
  • 3
  • 1
    That's exactly what CSRF is protecting from I believe. It's either protect yourself from CSRF or have it work your way. – DevK May 15 '17 at 20:20
  • Yeah, but they use the exact same code base, it is just a second domain name. It are two vHosts linked to the same directory. I thought that the csrf logic would be the same on both sides. The csrf also works on my local domain, and my public domain without changing anything. – Kevin Pijning May 29 '17 at 06:16

1 Answers1

1

I have the same problem, for one domain the csrf is working but for another one I am receiving connection timeout. The only solution I found is to add exceptions for CSRF verification in VerifyCSRFTtoken controller. My controller looks like that right now:

class VerifyCsrfToken extends Middleware
{
   protected $except = [
    '/routename',
   ];
}

This is not the best solution, but as a fast fix is ok. Looking for better ideas.

Alexandru Statnii
  • 41
  • 7