php – CSRF token mismatch laravel airlock axios-ThrowExceptions

Exception or error:
  • Airlock Version: 1.0.0
  • Laravel Version: 7.0.0
  • PHP Version: 7.2.0
  • Database Driver & Version: MySql 5.7.23

Description:

I am trying to log in with axios from a different domain.
I have the core on “mydomain.com” and the React site on “seconddomain.com”.
If I try to log in from seconddomain.com to mydomain.com with an axios API request, it works fine, even without the CSRF-COOKIE request.
But if I try to log in from my React “localhost:3000” to “mydomain.com”, I get “CSRF token mismatch”. Why?

This is my configuration:

in session

'same_site' => "none",

axios configuration

const API = axios.create({
  baseURL: "mydomain.com",
  withCredentials: true,
  responseType: "json",
});

axios login

await API.get('/airlock/csrf-cookie');
response = await API.post(
      '/api/v1/login',
      data
);

[Screenshot: cookie from browser – csrf-cookie call]

[Screenshot: cookie from browser – login call]

How to solve:

I think your problem is the PHP version.

To use Laravel 7 you will need to make sure your server meets
the following requirements:

  • PHP >= 7.2.5
  • BCMath PHP Extension
  • Ctype PHP Extension
  • Fileinfo PHP Extension
  • JSON PHP Extension
  • Mbstring PHP Extension
  • OpenSSL PHP Extension
  • PDO PHP Extension
  • Tokenizer PHP Extension
  • XML PHP Extension

Check the server-requirements documentation.
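
One check a reader can run against the Set-Cookie headers returned by the csrf-cookie call, as an added example that is not part of the original question or answer: it reports whether a cookie will be stored, attached to a cross-site axios request, and readable by page script (axios by default copies the XSRF-TOKEN cookie from document.cookie into its X-XSRF-TOKEN header). The function names, the sample header lines used with it and the two-label approximation of "site" are assumptions made for this example.

```javascript
// Added example, not code from the original post.
// Assumption: "site" is approximated as the last two host labels, not the
// Public Suffix List browsers really use. Hosts are passed without a port,
// because cookies ignore ports ("localhost:3000" -> "localhost").
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i < 0 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

const siteOf = (host) => host.split('.').slice(-2).join('.');

// Returns the reasons a cookie set by apiHost will not work for XHR calls
// made from a page on pageHost; an empty array means no problem was found.
function diagnose(line, pageHost, apiHost) {
  const { name, attrs } = parseSetCookie(line);
  // Chromium-based browsers treat a missing SameSite attribute as Lax.
  const sameSite = String(attrs.samesite || 'lax').toLowerCase();
  const problems = [];

  // 1. Stored at all? Chromium-based browsers drop SameSite=None without Secure.
  if (sameSite === 'none' && !attrs.secure)
    problems.push('rejected: SameSite=None needs Secure');

  // 2. Attached to a cross-site XHR (withCredentials: true)? Only SameSite=None is.
  if (siteOf(pageHost) !== siteOf(apiHost) && sameSite !== 'none')
    problems.push('not sent: cross-site XHR needs SameSite=None');

  // 3. XSRF-TOKEN must be visible in the page's document.cookie, so it must
  //    not be HttpOnly and its domain must match the page's host.
  if (name === 'XSRF-TOKEN') {
    const domain = typeof attrs.domain === 'string'
      ? attrs.domain.replace(/^\./, '').toLowerCase() : null;
    const matches = domain
      ? pageHost === domain || pageHost.endsWith('.' + domain)
      : pageHost === apiHost; // no Domain attribute: host-only cookie
    if (attrs.httponly || !matches) problems.push('not readable by page script');
  }
  return problems;
}
```

Call `diagnose(headerLine, 'localhost', 'mydomain.com')` once per Set-Cookie line copied from the browser's network tab.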
