Laravel 419 未知状态

Question

I am making an AJAX request from a subdomain to main domain. I have set up CORS so that subdomain is attached automatically to the allowed domain listing. I am getting a 419 (unknown status) error and upon dumping the error I found out that I am getting TokenMissmatchException .

I noticed also that that is infact true because I also saw:

"_token" => "h7I07Iv0m4sF7XHhXjtygnfCtITgzCi3Ml8lfT7Z" // <-- sent
"_token" => "N118Izko7j5uf851MpijBXInFLaUVicRdf9uw3h4" // <-- in session

I am obviously sending token with my AJAX request as I see it in the headers section when inspecting the request.

I suppose there is some missmatch going on because I am traversing from my subdomain to my domain.

How can I align tokens across my main domain and all subdomains so that I don't get an exception?

NOTE

All AJAX routes are receiving a token from

<meta name="csrf-token" content="{{ csrf_token() }}">

Attaching it to every request in

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

EDIT

I have placed this under session.php

"domain" => "." . env('APP_URL'),

because of the cookies, even though honestly I'm not sure what it does

Answer 1

Session sharing across multiple domain..... There can be tweaks to do it. To make a cookie available in all the sub-domains you need to assign it to the root domain.

 session.cookie_domain = ".example.com"

Personally I would recommend a different approach (but it also depends on other factors upon which I don't have full visibility from your question....)

Perform the ajax call from/to the same subdomain (CSRF middleware protected, standard CSRF usage) On the controller perform a server to server backend call to your main domain (eg a curl_exec )

The server to server call is not visible and you can protect it... eg at network level or by adding an Oauth server if the two domain communicates through internet.