I have got an Angular Frontend and an Laravel Backend with Sanctum.
My Login Component looks like this. When I run it without the Login-Request, everything works and both cookies are done. When I insert the login request, I always got an 419 (unknown status) with the message CSRF token mismatch.
I tried a bunch of ideas out of other threads (http://localhost, localhost, ip-number, with ports, without ports), but unfortunately nothing work.
In advance, thanks for your help :)
Angular Component:
import { Component, Input } from '@angular/core';
import { CommonModule } from '@angular/common';
import { RouterLink } from '@angular/router';
import axios from 'axios';
axios.defaults.withCredentials = true
axios.defaults.baseURL = 'http://localhost:8000'
selector: 'app-login',
standalone: true,
imports: [CommonModule, RouterLink],
templateUrl: './login.component.html',
styleUrl: './login.component.scss'
export class LoginComponent {
axios.get('/sanctum/csrf-cookie').then(response => {
axios.post('/login', {
email: 'test@test.de',
password: 'password'
.then(response => {
.catch(error => {
Laravel .env
Laravel cors.php
'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
Laravel sanctum.php
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
Laravel session.php
'domain' => env('SESSION_DOMAIN'),
Laravel kernel.php
protected $middlewareGroups = [
'web' => [
'api' => [
\Illuminate\Routing\Middleware\ThrottleRequests::class . ':api',
I found the mistake. I forgot this one in the component.
axios.defaults.withXSRFToken = true;