
I have a virtual host in Laravel that uses Airlock for handling authentication. In an SPA I make a request with axios to get the CSRF token that I would use for login, according to the documentation.

But I can't make the response set the cookie. I have no CORS problems and I can see the CSRF token in the response, but the Set-Cookie header seems to be ignored. For testing I set SameSite to none. I turned off http_only and I don't know what more I can do.

I also put the two instances on the "same domain" (/etc/hosts) to avoid a warning in the network which said this Set-Cookie domain attribute was invalid with regard to the current host URL, but that's not the solution.

Thx

Tion
Waxer

1 Answer


According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Invalid_domains

It seems we cannot use Set-Cookie with a domain param different from the server domain. So I put my SPA on the vhost that handles authentication.

Waxer
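
The rule the answer cites, as an added example that is not part of the original answer: a simplified JavaScript version of the RFC 6265 domain-match check a browser applies before storing a cookie. The host names and cookie value are constructed, `evaluateSetCookie` is a hypothetical helper, and public-suffix rejection is not modelled.

```javascript
// Added example: simplified RFC 6265 handling of the Domain attribute
// (sections 5.1.3, 5.2.3 and 5.3 step 6). Not browser source code.

function isIpAddress(host) {
  // IPv4 dotted quad, or anything with ':' (IPv6 literal).
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// True when requestHost is cookieDomain itself or a subdomain of it.
function domainMatches(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase();
  if (host === domain) return true;
  // Suffix matching is only allowed for host names, never IP addresses.
  return !isIpAddress(host) && host.endsWith("." + domain);
}

// Decide whether a Set-Cookie header received from requestHost is stored.
function evaluateSetCookie(requestHost, setCookieHeader) {
  let domain = "";
  for (const part of setCookieHeader.split(";").slice(1)) {
    const eq = part.indexOf("=");
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? "" : part.slice(eq + 1).trim();
    // An empty Domain value is ignored; the last non-empty one wins.
    if (name === "domain" && value !== "") domain = value.replace(/^\./, "");
  }
  if (domain === "") {
    // No Domain attribute: host-only cookie, sent back to this host alone.
    return { stored: true, hostOnly: true, scope: requestHost.toLowerCase() };
  }
  if (!domainMatches(requestHost, domain)) {
    return { stored: false, reason: "Domain does not cover the responding host" };
  }
  return { stored: true, hostOnly: false, scope: domain.toLowerCase() };
}

// Constructed sample: the auth vhost answers as api.example.test.
const samples = [
  "XSRF-TOKEN=constructed; Path=/; Domain=spa.example.test", // other host
  "XSRF-TOKEN=constructed; Path=/; Domain=.example.test",    // shared parent
  "XSRF-TOKEN=constructed; Path=/",                          // host-only
];
for (const header of samples) {
  console.log(header, "->", JSON.stringify(evaluateSetCookie("api.example.test", header)));
}
```

Only the first header is dropped: its Domain names a sibling host rather than the responding host or one of its parent domains.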