I have CSRF token issues when communicating in this manner
subdomain --> domain
I have set the session.php
to have a value
"domain" => "." . env('APP_URL'),
and when I inspect cookies, they do have a value of .example.com
.
Even with this, I am getting a TokenMissmatchException
when trying to forward a login POST
request.
Can this be done, or do with this approach only subdomains communicate, but not the main domain?
The error was that in Kernel.php
I had
\App\Http\Middleware\EncryptCookies::class,
listed twice. Both under global middleware and web middleware which is now included in all Laravel routes by default. It was doing a double encryption, thus making this discrepancy.
Hope it helps someone