amrnn90/breeze-nuxt

get auth data using header referer option

thepnl opened this issue · 4 comments

Hello,

I've been using your breeze-nuxt and there is an issue: unauthorized data can be called without the token option in the header. As long as the referer option is set in the header, any unauthorized data can be called.

Thanks

Hi, when you say "any unauthorized data can be called", what do you mean by this exactly? Do you mean your Laravel app returns unauthorized data even though no token is sent? That should not be possible unless you are doing something wrong on Laravel's side; make sure you are using the Sanctum middleware correctly.

However, if you mean that $larafetch is not redirecting to the /login page, then you might want to try the latest update I made here; there was an issue with using navigateTo, so I replaced it with calling the router directly.

Now it works fine. Is this only working for a local server? Because after I changed the backend and frontend names to domain names (https://api.domain.com for the backend, https://domain.com for the frontend), the login won't work.

The error is 419, message: "CSRF token mismatch.", exception: "Symfony\Component\HttpKernel\Exception\HttpException",…

Unfortunately the problem you are facing has nothing to do with this Nuxt starter; you will likely need to tinker with some CORS or session configuration on Laravel's side. Check out this thread and see if it helps you:
laravel/sanctum#11

Specifically, try adding this to your config/session.php file:

 'domain' => '.domain.com'
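For the CORS and session settings the last reply points at, here is an added example (not code from breeze-nuxt or from anyone in this thread) of the three Laravel config files that have to agree for Sanctum's cookie-based SPA flow between https://domain.com and https://api.domain.com. All keys are standard Laravel/Sanctum keys; the host names are the ones from the thread, and the FRONTEND_URL variable is an assumed name.

```php
<?php
// Added example, not code from breeze-nuxt or from this thread's authors.
// Three separate Laravel config files shown in one listing; all keys are
// standard Laravel / Sanctum keys, the host names are the ones from the thread.

// ---- config/session.php ----
return [
    // Broken for a split-host setup: a null domain binds the session and
    // XSRF-TOKEN cookies to api.domain.com, so the SPA running on domain.com
    // cannot read XSRF-TOKEN to set the X-XSRF-TOKEN header, and Laravel
    // answers 419 "CSRF token mismatch."
    // 'domain' => env('SESSION_DOMAIN'),

    // Fixed: a leading dot scopes the cookies to domain.com and every
    // subdomain. Caveat: every subdomain can then read and set them, so use
    // this only when all subdomains are trusted.
    'domain'    => env('SESSION_DOMAIN', '.domain.com'),
    // Both hosts are HTTPS, so mark the cookie Secure; 'lax' still allows
    // the same-site subdomain requests the SPA makes.
    'secure'    => env('SESSION_SECURE_COOKIE', true),
    'same_site' => 'lax',
];

// ---- config/sanctum.php ----
return [
    // Only requests whose Referer/Origin host is listed here are treated as
    // "stateful" (authenticated by session cookie + CSRF token); every other
    // request must present a bearer token. List only hosts you control.
    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', 'domain.com')),
];

// ---- config/cors.php ----
return [
    'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout'],
    // With credentials enabled the origin list must be explicit; browsers
    // reject a wildcard '*' combined with supports_credentials = true.
    'allowed_origins'      => [env('FRONTEND_URL', 'https://domain.com')],
    'allowed_methods'      => ['*'],
    'allowed_headers'      => ['*'],
    // Required so the browser attaches the session cookie to cross-origin
    // requests from the SPA.
    'supports_credentials' => true,
];
```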