Category : csrf

Tried a lot of things from different places on the internet. Here’s a dump of the session.php configuration: session config I’m using Docker. version: '3' services: #PHP Service php: build: context: . dockerfile: ./docker/php/Dockerfile container_name: project_php extra_hosts: - "host.docker.internal:host-gateway" restart: unless-stopped tty: true working_dir: /var/www environment: PHP_IDE_CONFIG: 'serverName=project' volumes: - ./:/var/www/ - ./docker/php/xdebug.ini:/usr/local/etc/php/conf.d/docker-php-ext-xdebug.ini - ./docker/php/php.ini:/usr/local/etc/php/php.ini networks: - ..


So, my API (Laravel) runs on, for example, https://api.example.com and on the client side, my site runs on http://127.0.0.1:3000. The API sends the following cookie, set-cookie: XSRF-TOKEN=eyJpdiI6IkVRSjcyYzBoVzRTazQ4RWJjK0JSd2c9PSIsInZhbHVlIjoiT20yb3AwZk1HemloaUl2MFZZdkUyUVM3Z3pXc3B0QXpiUEZPUEJIWElJYjRHamtlZ3d5NU5yb3doWmQ4ZXNBb1g0eTFiZXliRlFmWkN1SjVRMVFaM3pXK2x0MTMyK1MwTnp3cVZFSksvaVlJdGdLNGpKZXVrR3lITTRPU2VYNWgiLCJtYWMiOiI0MGU3NmEzYmI2NjY3MTkwNTNlMDQ2ZWRiNjVmNzdmYzA1MTMzOWE0NjA0YzAxYzBjZTczNzI4MDljOThhYTRmIn0%3D; expires=Wed, 30-Sep-2026 06:29:36 GMT; Max-Age=155520000; path=/; samesite=lax. However, this cookie is not set by the browser as it’s always empty. I make the request as follows: axios.get("https://api.example.com/users") What could be ..


I’m using Laravel and I have 1 view, with 2 includes with one modal in each one… My index.blade.php: @extends('layouts/contentLayoutMaster') @include('modalOne') @include('modalTwo') My ModalOne: <form method="POST" action="{{ route('customers.store') }}" class="row gy-1 pt-75"> @csrf My ModalTwo: <form method="POST" action="{{ route('customers.store') }}" class="row gy-1 pt-75"> @csrf When I use the modalOne… all works perfectly… but in modalTwo ..


I am using Laravel and I have 1 view, with 2 @include with one modal in each one… My index.blade.php: @extends('layouts/contentLayoutMaster') @include('modalOne') @include('modalTwo') My ModalOne: <form method="POST" action="{{ route('customers.store') }}" class="row gy-1 pt-75"> @csrf My ModalTwo: <form method="POST" action="{{ route('customers.store') }}" class="row gy-1 pt-75"> @csrf When I use the modal One… everything works perfectly… but ..


I use Laravel Sanctum to make auth with ReactJS. In cors.php I set these values 'paths' => ['api/*', 'api/csrf-cookie','/login'], 'supports_credentials' => true, sanctum.php 'prefix'=>'api'. In React I use axios with credentials axios.get('http://www.react.test/api/csrf-cookie').then(response => { console.log(response); }, { withCredentials: true }); When I use Postman I get the Set-Cookie value, but when I use the browser it’s not ..


I am using Laravel Sanctum to make auth with ReactJS. In cors.php I have set these values 'paths' => ['api/*', 'api/csrf-cookie','/login'], 'supports_credentials' => true, sanctum.php 'prefix'=>'api'. In React I use axios with credentials axios.get('http://www.react.test/api/csrf-cookie').then(response => { console.log(response); }, { withCredentials: true }); When using Postman, I get the Set-Cookie value, but when I try ..


I am trying to make an AJAX request to the MusicBrainz API but keep getting a CORS header error. The error: Access to XMLHttpRequest at 'https://musicbrainz.org/ws/2/release-group/?xxxxxxx' from origin 'https://my_url' has been blocked by CORS policy: Request header field x-csrf-token is not allowed by Access-Control-Allow-Headers in preflight response. Code: var $artist_encoded = encodeURIComponent($artist); var $album_encoded ..


I have a site set up with PHP and Slim CSRF, and everything was working until recently. Now, I’ve decided to locally test dockerizing my application, and the CSRF appears to be breaking my application. I’ve got a bootstrap file in ./bootstrap/app.php which I will show here: <?php session_start(); use Respect\Validation\Validator as v; use ..


I’m running web services on Laravel with the DigitalOcean App Platform. It’s using cookie-based (stateful) authentication. However, I’m not able to set the cookie because of some issue; see the attached screenshot. I’m running this same web service on Hostinger, where it’s working perfectly fine. Please see the screenshot. Both frontend and backend are running on ..


I’ve been stuck for a while on this subject. I’ve searched the internet but unfortunately I can’t find anything. I have a controller that sends a recipe to my database, but when I click on the previous icon of Google, the data entered previously are displayed again. Except that I have implemented CSRF ..
