CSRF token mismatch laravel airlock axios

Question

Airlock Version: 1.0.0
Laravel Version: 7.0.0
PHP Version: 7.2.0
Database Driver & Version: MySql 5.7.23

Description:

I try login with axios from different domain. I've the core in "mydomain.com" and the react site in "seconddomain.com". If I try login from seconddomain.com to mydomain.com with axios API request, it work fine, also without CSRF-COOKIE request. But If I try to login from my react "localhost:3000" to "mydomain.com", I've "CSRF token mismatch". Why?

This is my configuration:

in session

'same_site' => "none",

axios configuration

axios.create({
  baseURL: "mydomain.com",
  withCredentials: true,
  responseType: "json",
});

axios login

await API.get('/airlock/csrf-cookie');
response = await API.post(
      '/api/v1/login',
      data
);

cookie from browser - csrf-cooke call

cookie from browser - login call

have you checked the `config\airlock.php` 'stateful' => explode(',', env('AIRLOCK_STATEFUL_DOMAINS', 'domain here')), — smzapp, Mar 17 '20 at 06:41
What domain i must add? "mydomain" (where is the core) or "localhost:3000" (where is react) ? — LionAlex, Mar 17 '20 at 10:27

score 0 · Answer 1 · answered Mar 17 '20 at 12:51

i think your problem is PHP version.

for using laravel-7 you will need to make sure your server meets the following requirements:

PHP >= 7.2.5

BCMath PHP Extension

Ctype PHP Extension

Fileinfo PHPextension

JSON PHP Extension

Mbstring PHP Extension

OpenSSL PHP Extension

PDO PHP Extension

Tokenizer PHP Extension

XML PHP Extension

check server-requirements documentation

CSRF token mismatch laravel airlock axios

Description:

1 Answers1