CSRF token mismatch laravel airlock axios

0
votes
  • Airlock Version: 1.0.0
  • Laravel Version: 7.0.0
  • PHP Version: 7.2.0
  • Database Driver & Version: MySql 5.7.23

Description:

I try login with axios from different domain. I've the core in "mydomain.com" and the react site in "seconddomain.com". If I try login from seconddomain.com to mydomain.com with axios API request, it work fine, also without CSRF-COOKIE request. But If I try to login from my react "localhost:3000" to "mydomain.com", I've "CSRF token mismatch". Why?

This is my configuration:

in session

'same_site' => "none",

axios configuration

axios.create({
  baseURL: "mydomain.com",
  withCredentials: true,
  responseType: "json",
});

axios login

await API.get('/airlock/csrf-cookie');
response = await API.post(
      '/api/v1/login',
      data
);

cookie from browser - csrf-cooke call enter image description here

cookie from browser - login call enter image description here

1
phpreactjsaxioslaravel-7laravel-airlock
have you checked the config\airlock.php 'stateful' => explode(',', env('AIRLOCK_STATEFUL_DOMAINS', 'domain here')), - smzapp
What domain i must add? "mydomain" (where is the core) or "localhost:3000" (where is react) ? - LionAlex

1 Answers

0
votes

i think your problem is PHP version.

for using laravel-7 you will need to make sure your server meets the following requirements:

  • PHP >= 7.2.5
  • BCMath PHP Extension
  • Ctype PHP Extension
  • Fileinfo PHPextension
  • JSON PHP Extension
  • Mbstring PHP Extension
  • OpenSSL PHP Extension
  • PDO PHP Extension
  • Tokenizer PHP Extension
  • XML PHP Extension

check server-requirements documentation