0

I am trying to make laravel API with filament admin panel, Arduino esp32 and React js SPA app work with each other, but when i access http://192.168.0.105:8000/admin/login or my frontend http://localhost:3000/login and trying to log in I face 419 expired and csrf token mismatch. I do php artisan serve --host 192.168.0.105 --port=8000 for laravel app For react js i start app on localhost:3000 and arduino has a static ip http://192.168.0.30

Also I am using Breeze for authentication.

I tried various configurations of SANCTUM_STATEFUL_DOMAINS, but every attempt failed.

I guess the issue is in my env configuration.

APP_URL=http://192.168.0.105:8000
FRONTEND_URL=http://localhost:3000
SANCTUM_STATEFUL_DOMAINS=http://localhost:3000
SESSION_DOMAIN=localhost

config/sanctum

'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
        '%s%s%s',
        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
        env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : '',
        env('FRONTEND_URL') ? ','.parse_url(env('FRONTEND_URL'), PHP_URL_HOST) : ''
    ))),

config/cors

    'allowed_origins' => [env('FRONTEND_URL', 'http://localhost:3000')],

If I change my APP_URL to localhost:8000 and start like php artisan serve, my laravel api and react app communicate fine, but then arduino fails to send requests to my 192.168.0.105:8000

How can I resolve the issue. Thanks in advance

Improve this question

2 Answers 2

Reset to default
0

So I managed to fix it. My env config now looks like

APP_URL=https://192.168.0.105:8000
FRONTEND_URL=https://192.168.0.105:3000
SANCTUM_STATEFUL_DOMAINS=192.168.0.105:8000,192.168.0.105,192.168.0.105:3000
SESSION_DOMAIN=.192.168.0.105

I added a dot in session domain

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I get a similair problem 2 days ago , when i post from an API test like Thunder Client i get 419 and 419 means the problem is in CSRF Nothing else , and I made this :

Route::post('store', [GreenhouseDataController::class, 'store'])->middleware('apiKeySecret')->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class]);

I disable VerifyCsrfToken for the post and create my own middleware called apikeysecret

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.