CSRF Token mismatch with Laravel-Echo-Server and Homestead

Question

I'm trying to setup the broadcast system of Laravel, but I have an issue with the CSRF Token.

I send the token to my SPA

<meta name="csrf-token" content="{{ csrf_token() }}">

then I setup my options for Laravel-Echo

window.Echo = new Echo({
    broadcaster: 'socket.io',
    host: window.location.hostname + ':6001',
    csrfToken: document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
    auth:
    {
        headers:
        {
            'X-CSRF-TOKEN': document.querySelector('meta[name="csrf-token"]').getAttribute('content'),
        }
    }
});

I check the Echo object, and the CRSF token is present. But when I watch Laravel-Echo-Server logs, there is a 419 error response (CRSF Token Mismatch)

Laravel-Echo-Server is running on the same vagrant machine (Homestead) and I use a the faked hostname "http://developing.com" on port 80 on hosting PC to access the http server. Here my laravel-echo-server.json

{
"authHost": "http://developing.com",
"authEndpoint": "/broadcasting/auth",
"clients": [
    {
        "appId": "...",
        "key": "..."
    }
],
"database": "redis",
"databaseConfig": {
    "redis": {},
    "sqlite": {
        "databasePath": "/database/laravel-echo-server.sqlite"
    }
},
"devMode": true,
"host": null,
"port": "6001",
"protocol": "http",
"socketio": {},
"secureOptions": 67108864,
"sslCertPath": "",
"sslKeyPath": "",
"sslCertChainPath": "",
"sslPassphrase": "",
"subscribers": {
    "http": true,
    "redis": true
},
"apiOriginAllow": {
    "allowCors": false,
    "allowOrigin": "",
    "allowMethods": "",
    "allowHeaders": ""
}

}

Where am I wrong ? Thanks you !

UPDATE I don't have anymore the issue... Maybe the dump-autoload did something ? I don't know...

CSRF Token mismatch with Laravel-Echo-Server and Homestead

0 Answers0