I am trying SPA authentication using laravel/sanctum. I have set up my sanctum & cors configs by following the official documentation. My application is working flawlessly in local, where I've set up my frontend vuejs app's domain as oams.dev and the backend laravel api's domain as app.oams.dev. But when I deployed my app in production, changed the configurations accordingly and tried to log in, I got the following error:
Access to XMLHttpRequest at 'http://app.myproductiondomain.com/sanctum/csrf-cookie' from origin 'http://myproductiondomain.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Here's part of my .env file in my local repo:
SANCTUM_STATEFUL_DOMAINS=oams.dev
SESSION_DOMAIN=.oams.dev
These settings are necessary for sanctum as far as I know. Here's my config/cors.php file's contents:
return [
    'paths' => ['*', 'api/*', 'sanctum/csrf-cookie', 'login', 'logout'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];
Thanks in advance.
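The browser-side check behind the error quoted in the question, as an added example that is not part of the original post: a simplified model of how a browser decides whether the response to a cross-origin XHR is readable. The function name `corsVerdict` and the sample response headers are constructed for illustration; only the production origin is taken from the error message.

```javascript
// Added example (not from the original post): simplified model of the
// browser's CORS check on the response to a cross-origin XHR, such as the
// GET /sanctum/csrf-cookie request in the question.
// corsVerdict and the sample header sets are constructed for illustration.
function corsVerdict(requestOrigin, responseHeaders, withCredentials) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) {
    // This is the condition reported in the error message on this page.
    return { allowed: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  if (withCredentials) {
    // Cookie-based SPA auth sends credentials, which tightens the rules:
    // "*" is rejected and the header must equal the Origin exactly.
    if (acao === '*') {
      return { allowed: false, reason: 'wildcard origin with credentials' };
    }
    if (acao !== requestOrigin) return { allowed: false, reason: 'origin mismatch' };
    if (h['access-control-allow-credentials'] !== 'true') {
      return { allowed: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
    }
    return { allowed: true, reason: 'ok' };
  }
  if (acao === '*' || acao === requestOrigin) return { allowed: true, reason: 'ok' };
  return { allowed: false, reason: 'origin mismatch' };
}

const origin = 'http://myproductiondomain.com'; // origin from the error message
const samples = {                               // constructed response headers
  noCorsHeaders: { 'Content-Type': 'text/html' },
  wildcard: { 'Access-Control-Allow-Origin': '*' },
  wrongScheme: { 'Access-Control-Allow-Origin': 'https://myproductiondomain.com',
                 'Access-Control-Allow-Credentials': 'true' },
  exactOrigin: { 'access-control-allow-origin': origin,
                 'access-control-allow-credentials': 'true' },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label, corsVerdict(origin, headers, true));
}
```

Comparing the verdict against the headers actually returned by the production server (for example from the browser's network tab) shows which of these conditions the response fails.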