I am working on a project (Laravel API with Sanctum, and a Next.js frontend). Logging in and everything else works fine on localhost and in Postman, but it shows 'CSRF Token Mismatched' after deploying to the server.
admin.example.com is the subdomain where I deployed the Next.js app. I updated the main domain and subdomain in sanctum.php as follows.
sanctum.php:

    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
        '%s%s%s',
        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,localhost:8000::1,example.com, admin.example.ae',
        env('APP_URL') ? ',' . parse_url(env('APP_URL'), PHP_URL_HOST) : '',
        env('FRONTEND_URL') ? ',' . parse_url(env('FRONTEND_URL'), PHP_URL_HOST) : ''
    ))),
I got the solution for this.

If you are just starting to add Sanctum to your project or are about to go live with Sanctum, please make sure you have configured all the settings mentioned in this section of the Laravel Sanctum Docs. I have summarized them below.

- Use http://localhost:8000 instead of http://localhost.
- supports_credentials is true in config/cors.php.
- withCredentials is set to true in your global Axios configuration of the frontend.
- 'domain' => '.example.com', in the config/session.php file, or add SESSION_DOMAIN=".example.com" to your .env file.

As I mentioned above, please go through and read this section of the Laravel Sanctum Docs again if it still doesn't work.

If you can't even make the request from Postman, please read this thread that mentions what I experienced at the same time.
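The answer above lists settings that all have to agree with each other: the frontend's host must be in the stateful domain list, and both the frontend host and the API host must fall inside the session cookie's domain. The following is an added diagnostic, not code from the question, the answer, or the Sanctum project. It re-implements, in Node.js, the two matching rules as I understand them (an assumption): Sanctum's stateful-origin check, which strips the scheme from the Origin/Referer header and matches it against each trimmed stateful entry followed by "/*", and RFC 6265 cookie domain matching for a Domain attribute such as ".example.com". The function names (isStatefulOrigin, cookieDomainMatches, diagnose) and the sample values are mine; the sample stateful list is the one pasted in the question.

```javascript
// Added diagnostic: predict whether a browser request from a given frontend
// origin would be treated as stateful by Sanctum and would carry the session
// cookie. Matching rules are my reading of Sanctum's middleware and RFC 6265,
// not the project's own code; treat them as assumptions.

const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Sanctum-style check: drop "http://" or "https://", make sure the value ends
// with "/", then test it against every trimmed stateful entry + "/*", where
// "*" is a wildcard (Laravel's Str::is). A leading space in an entry is
// harmless because of trim(); a wrong host or a missing comma is not.
function isStatefulOrigin(origin, statefulList) {
  if (!origin) return false;
  let domain = origin.replace(/^https?:\/\//, '');
  if (!domain.endsWith('/')) domain += '/';
  return statefulList
    .map((e) => e.trim())
    .filter((e) => e.length > 0)
    .some((entry) => {
      const pattern = '^' + (entry + '/*').split('*').map(escapeRegex).join('.*') + '$';
      return new RegExp(pattern).test(domain);
    });
}

// RFC 6265 domain matching for a cookie Domain attribute. Browsers ignore a
// leading dot, so ".example.com" covers example.com and every subdomain of it.
// The port is not part of cookie scope; IP addresses never domain-match.
function cookieDomainMatches(host, cookieDomain) {
  const hostOnly = host.replace(/:\d+$/, '').toLowerCase();
  const cd = cookieDomain.replace(/^\./, '').toLowerCase();
  if (hostOnly === cd) return true;
  const isIPv4 = /^\d+\.\d+\.\d+\.\d+$/.test(hostOnly);
  return !isIPv4 && hostOnly.endsWith('.' + cd);
}

// Combine both checks for one deployment and list every reason the
// CSRF/session flow would fail. sessionDomain = null models SESSION_DOMAIN unset,
// which makes the cookie host-only for the API host.
function diagnose({ frontendOrigin, apiHost, statefulDomains, sessionDomain }) {
  const problems = [];
  const stripPort = (h) => h.replace(/:\d+$/, '');
  const frontendHost = frontendOrigin.replace(/^https?:\/\//, '').replace(/\/.*$/, '');

  if (!isStatefulOrigin(frontendOrigin, statefulDomains)) {
    problems.push(`origin ${frontendOrigin} matches no entry in SANCTUM_STATEFUL_DOMAINS`);
  }
  if (!sessionDomain) {
    if (stripPort(frontendHost) !== stripPort(apiHost)) {
      problems.push(`SESSION_DOMAIN is unset: the cookie is host-only for ${apiHost} and is not sent from ${frontendHost}`);
    }
  } else {
    for (const h of [frontendHost, apiHost]) {
      if (!cookieDomainMatches(h, sessionDomain)) {
        problems.push(`${h} is outside the cookie domain ${sessionDomain}`);
      }
    }
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample: the stateful list from the question (note the ".ae"
// entry and the missing comma in "localhost:8000::1") versus a corrected one.
const askerList = ['localhost', 'localhost:3000', '127.0.0.1', '127.0.0.1:8000',
  'localhost:8000::1', 'example.com', ' admin.example.ae'];
const fixedList = ['localhost', 'localhost:3000', '127.0.0.1', '127.0.0.1:8000',
  'localhost:8000', '::1', 'example.com', 'admin.example.com'];

console.log(diagnose({ frontendOrigin: 'https://admin.example.com', apiHost: 'api.example.com',
  statefulDomains: askerList, sessionDomain: null }));
console.log(diagnose({ frontendOrigin: 'https://admin.example.com', apiHost: 'api.example.com',
  statefulDomains: fixedList, sessionDomain: '.example.com' }));
```

Run it with node; the first report shows why the deployed frontend on admin.example.com fails against the pasted list while localhost works, and the second shows a configuration that passes both checks. The API host api.example.com is a constructed placeholder for wherever the Laravel app is served.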