building SPA application and testing endpoints with Postman. Heads up that my routes are declared in api.php. I'm able to hit CSRF endpoint(/sanctum/csrf-cookie) and receive the cookie, session. However, when I'm trying to reach the protected(auth:sanctum) route, I receive unauthenticated message. Postman hierarchy looks like this. Forgot to mention that the pre-request script is inside the collection:
App(Collection) ->
Auth(Folder) ->
Requests ->
(Get) CSRF,
(Post) Login,
(Post) Register.
Under the App collection I have Pre-request script, which looks like this(see below). I'm able to console.log the cookie variable, which shows the exact value of XSRF-TOKEN:
const jar = pm.cookies.jar();
jar.get("http://localhost:3000", "XSRF-TOKEN", (error, cookie) => {
pm.request.addHeader({
key: "X-XSRF-TOKEN",
value: cookie
});
pm.request.addHeader({
key: "Referer",
value: "http://localhost:3000"
});
});
In my .env file my session configuration looks like this:
SESSION_DRIVER=cookie
SESSION_LIFETIME=120
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost:3000
sanctum.php looks like this, where APP_URL is localhost:5000, and the FRONTEND_URL is localhost:3000:
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
'%s%s%s',
'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
env('APP_URL') ? ',' . parse_url(env('APP_URL'), PHP_URL_HOST) : '',
env('FRONTEND_URL') ? ',' . parse_url(env('FRONTEND_URL'), PHP_URL_HOST) : ''
))),
Any thoughts what can cause the issue?