I am building a web app using Quasar SSR for the front-end and Laravel for the backend.
For Authentication, I use the new Laravel Sanctum Package which uses cookies for user authentication.
Building the app in SPA, I have no problem to authenticate users. Unfortunately in SSR mode, no cookies are sent to the server thus making user authentication impossible.
I use axios to handle ajax request. I set it in a boot file.
Can someone help me send the cookies to the backend?
Editing to add some precisions. I am using nginx as a web server and my configuration is as follow:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /var/www/certs/www.mysite/fullchain.pem;
ssl_certificate_key /var/www/certs/www.mysite/privkey.pem;
ssl_protocols TLSv1.2;
root /var/www/next/mysite/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name next.mysite.net;
location / {
#try_files $uri $uri/ /index.php?$args;
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /storage/ {
}
location /vendor/ {
}
location /server {
try_files $uri $uri/ /index.php?$args;
}
location /prequel-api {
try_files $uri $uri/ /index.php?$args;
}
location /api {
try_files $uri $uri/ /index.php?$args;
}
location /graphql {
try_files $uri $uri/ /index.php?$args;
}
location /sanctum {
try_files $uri $uri/ /index.php?$args;
}
location ~ [^/]\.php(/|$) {
#try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
#if (!-f $document_root$fastcgi_script_name) {
# return 404;
#}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
# include the fastcgi_param setting
include fastcgi_params;
# SCRIPT_FILENAME parameter is used for PHP FPM determining
# the script name. If it is not set in fastcgi_params file,
# i.e. /etc/nginx/fastcgi_params or in the parent contexts,
# please comment off following line:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
import Axios from "axios";
import { boot } from "quasar/wrappers";
import { Cookies } from "quasar";
const axios = Axios.create({
baseUrl: "https://next.mysite.net"
});
axios.defaults.withCredentials = true;
axios.interceptors.response.use(
response => {
return response.data;
},
error => {
return Promise.reject(error.response);
}
);
export default boot(async ({ Vue, ssrContext }) => {
if (process.env.SERVER) {
//Check if cookies are available
var cookies = JSON.stringify(Cookies.parseSSR(ssrContext).getAll()).replace(
/[{}]/g,
""
);
console.log("cookies: ", cookies);
}
Vue.prototype.$axios = axios;
});
export { axios };
I solved a similar problem by extending the axios instance with cookies when creating the instance
//boot/axios.js (inside callback function)
if (ssrContext) {
const cookies = ssrContext.$q.cookies.getAll();
instance.interceptors.request.use(function (config) {
const cookiesSet = Object.keys(cookies).
reduce((prev, curr) => prev + curr + '=' + cookies[curr] + ';', '');
if (cookiesSet.length > 0) {
config.headers.Cookie = cookiesSet;
}
return config;
});
}