Can't seem to work out why I keep getting CSRF token mismatch with my deployed app. On local using valet it's working fine.
The backend and frontend are on 2 different servers but they share the same subdomain so surely this should work?
My local .env contains the following:
SESSION_DOMAIN=.rss.test
SANCTUM_STATEFUL_DOMAINS=front.rss.test:3001
My live .env contains the following:
SESSION_DOMAIN=.dally.tech
SANCTUM_STATEFUL_DOMAINS=rss.dally.tech
The API is sat on the domain:
rss-api.dally.tech
Really confused why this isn't working.