I am trying SPA authentication using laravel/sanctum. I have set up my Sanctum and CORS configs by following the official documentation. My application is working flawlessly locally, where I've set up my frontend Vue.js app's domain as oams.dev and the backend Laravel API's domain as app.oams.dev. But when I deployed my app to production, changed the configurations accordingly and tried to log in, I got the following error:
Access to XMLHttpRequest at 'http://app.myproductiondomain.com/sanctum/csrf-cookie' from origin 'http://myproductiondomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Here's part of my .env file from my local repo:
These settings are necessary for Sanctum as far as I know. Here's my config/cors.php file's contents:
return [
    'paths' => ['*', 'api/*', 'sanctum/csrf-cookie', 'login', 'logout'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];
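The error quoted in the question is one outcome of the browser's CORS check on a credentialed cross-origin request, which is what Sanctum's cookie-based SPA calls are. The following is an added example, not code from the original post: a JavaScript version of that check as the Fetch standard defines it, run over constructed response headers. The names `corsCheck`, `SAMPLES` and the sample header sets are assumptions made for illustration.

```javascript
// Added example: the browser-side "CORS check" from the Fetch standard,
// reduced to the Access-Control-Allow-Origin / -Credentials headers.

// Look up a header case-insensitively in a plain object of response headers.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : headers[key];
}

// Returns { allowed, reason } for one cross-origin response.
function corsCheck(requestOrigin, responseHeaders, withCredentials) {
  const acao = header(responseHeaders, 'Access-Control-Allow-Origin');
  if (acao === null) {
    return { allowed: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  if (acao === '*') {
    return withCredentials
      ? { allowed: false, reason: 'wildcard origin is not accepted with credentials' }
      : { allowed: true, reason: 'wildcard origin, no credentials' };
  }
  if (acao !== requestOrigin) {
    return { allowed: false, reason: 'origin mismatch' };
  }
  if (!withCredentials) return { allowed: true, reason: 'origin matches' };
  // Credentialed requests also need Access-Control-Allow-Credentials: true.
  return header(responseHeaders, 'Access-Control-Allow-Credentials') === 'true'
    ? { allowed: true, reason: 'origin matches, credentials allowed' }
    : { allowed: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
}

// Constructed sample responses for the origin named in the error above.
const ORIGIN = 'http://myproductiondomain.com';
const SAMPLES = {
  noCorsHeaders: { 'Content-Type': 'text/html' },
  wildcard: { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Credentials': 'true' },
  explicit: { 'access-control-allow-origin': ORIGIN, 'access-control-allow-credentials': 'true', Vary: 'Origin' },
};

// Evaluate every sample as a credentialed (cookie-carrying) request.
function runSamples() {
  const out = {};
  for (const [name, headers] of Object.entries(SAMPLES)) {
    out[name] = corsCheck(ORIGIN, headers, true);
  }
  return out;
}

console.log(runSamples());
```

The `noCorsHeaders` case corresponds to the message in the question: the response reached the browser without any CORS headers, so the check fails before the origin value is compared.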