I am using Laravel Sanctum with Vuejs SPA. Both reside on same top level domain
Laravel backend : app.demo.localhost
Vue SPA : app-spa.demo.localhost
Login and logout (endpoints) are working correctly when called from VueJS SPA using axios and XSRF-TOKEN is succesfully set, but when I call other api end points it gives me 401 unauthorized.
In axios this is being set
axios.defaults.withCredentials = true;
I have the below configurations
In Laravel .env
SESSION_DRIVER=cookie
SESSION_DOMAIN=.demo.localhost
SANCTUM_STATEFUL_DOMAINS=app-spa.demo.localhost
In Routes/Api.php
Route::middleware('auth:sanctum')->get('api/user', function (Request $request) {
return $request->user();
});
In cors.php
'paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
Could someone help me out please?
If you are using php artisan serve add the port number to SANCTUM_STATEFUL_DOMAINS. So if your port number is 8000:
SESSION_DRIVER=cookie
SESSION_DOMAIN=.demo.localhost
SANCTUM_STATEFUL_DOMAINS=app-spa.demo.localhost:8000
Your SANCTUM_STATEFUL_DOMAINS must match the url in your browser. The port number should not be on the SESSION_DOMAIN.
Following are the 8 steps that I follow while setting up Laravel sanctum check if you missed anything
Step1 composer require laravel/sanctum
Step2 php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider
Step3 php artisan migrate (you can ignore this if you're using spa)
Step4 uncomment this line from app/http/kernel.php \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
Step5 In config/cors.php update 'supports_credentials' => true,
Step6 In .env file update SESSION_DRIVER=cookie & add new line of SESSION_DOMAIN=localhost (even if your using any port like 8080 just mention localhost in session_domain)
Step7 In config/sanctum.php add your client domain along with port(if local) in stateful as follows, in my case for vue CLI it's usually localhost:8080 & for nuxt its localhost:3000 , code is as follows
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
'%s%s',
'localhost,localhost:8000,localhost:8080,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
))),
Mostly if your stateful (step7) is not setup properly you will get 401 unauthorized or it will try to redirect you to the home page along with cors policy error
Step8 Do not forget to await until sanctum/csrf-cookie promise is resolved
async login() {
await axios.get("http://localhost:8000/sanctum/csrf-cookie");
await axios.post("http://localhost:8000/login", {
email: "kunal#gmail.com",
password: "password",
});
let response = await axios.get("http://localhost:8000/api/user");
console.log(response.data);
},
For anyone dealing with localhost:
SESSION_DRIVER=cookie
SESSION_DOMAIN=localhost
SANCTUM_STATEFUL_DOMAINS=localhost:8080(port number you use)
I just encountered the same problem. I configured all the options according to the official documentation, but I couldn't get the authorization.
Then I use routes/web.php instead of routes/api.php, so I can use sanctum middleware very well.
Now the problem seems obvious,Axios withCredentials maybe need to place in the correct way.
const http = axios.create({
baseURL: API_URL,
withCredentials: true
})
maybe not work. So I add {withCredentials: true} like
http.get('/api/whoami', {withCredentials: true})
.then(res => {
console.log(res.data)
})
Then it works.
But the very strange thing is that it is normal now, no matter whether I clear the browser cache, cookies or Laravel's various caches, there is no previous situation
For me i just had to place the host with port number:
SANCTUM_STATEFUL_DOMAINS=127.0.0.1:5173
and it started working.
Maybe this helps someone.
My problema was.... (no read with attention)
If your SPA needs to authenticate with private / presence broadcast channels, you should place the Broadcast::routes method call within your routes/api.php file:
Hi i found a solution.
My SPA is Vue v3 working on 3000 port.
Also my backend is working on 80 port. (laravel 8.1)
Make Stateful Domains in config/sanctum.php like that
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
'%s%s',
'localhost:3000',
env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
))),
Adding only one and correct domain on their, worked for me magically. I wrote before there whole possible variant of ports, it made me crazy and cost a couple days and nights.
My issue was I setup the domain in the wrong place.
I thought was an array of domains, in config/sanctum.php, but not, needs to be placed within the string:
OK:
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
'%s%s',
'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1,myownlocaldomain.test,myownlocaldomain.test:8080', <-------- OK
env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
))),
BAD:
'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
'%s%s',
'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : '',
'myownlocaldomain.test', <----- BAD
'myownlocaldomain.test:8080', <---- BAD
))),
I hope I save days of work to someone else...
With the newly available community version of Parse server (https://github.com/parse-community/parse-server) there does not seem to be a configuration option to disable the /files endpoints which allow for file upload and hosting. I would very much like to disable this feature, and Cloud Code server-side hooks are not a good option (not currently supported in parse-dashboard, among other problems). What's the best way to disable these endpoints?
Using a little middleware works for me. Add this to your parse app config:
{
"middleware": "disableFilesMiddleware",
}
And then for your middleware module disableFilesMiddleware.js:
module.exports = function( req , res , next ){
if( req.path.substring( 0 , 12 ) === '/parse/files' ) {
res.status(400).send({ code: 119 , message: 'files endpoints are disabled' });
return;
}
next();
};
For anyone using Parse 5+, you can configure this in your Parse Server config to disabled all uploading:
fileUpload: {
enableForPublic: false,
enableForAnonymousUser: false,
enableForAuthenticatedUser: false
}
You can read about it in the docs here
I am trying to write a simple electron app to interface with a REST server. The server doesn't have the appropriate certificates. When I try to make a 'GET' request (using fetch()), I get the following error message:
Failed to load resource: net::ERR_BAD_SSL_CLIENT_AUTH_CERT
Fixing the certs is not currently an option. I tried to use the 'ignore-certificates-error' flag (see below). It seems like it should allow me to skip over this error, but it doesn't.
var electron = require('electron');
var app = electron.app
app.commandLine.appendSwitch('ignore-certificate-errors');
...
The result is the same error.
Questions:
I am correct in assuming this options is supposed to help here?
If so, any ideas what I am doing wrong?
Electron version: 1.2.8
Thanks!
You can update your version of electron and use this callback:
app.on('certificate-error', (event, webContents, link, error, certificate, callback) => {
if ('yourURL/api/'.indexOf(link) !== -1) {
// Verification logic.
event.preventDefault();
callback(true);
} else {
callback(false);
}
});
That you going do the fetch to your api with https.
Im new in php and im trying to make a script who will create a new repository in github and catch a document that i have in my pc and make a commit in this new repository. This script will be executed in cmd. I search for github api and I have downloaded any folders with several files, i installed some things with a composer, but i cant create a new instance of github in my php.
I don't know anything about this, I spend two days in this and i cant write a function to talk with github. In the site of github developer I dont understand anything, I really need to do this, and im very lost. Im using PhpStorm 6.0.3.
What i cant understand:
1- The api is a folder with a lot of files? Or is a library who is imported in the phpstorm? How i put this in the phpstorm for i can get the methods and create my functions?
2- Where i get the methods for talk with the github api? Where i can see them? In github developer i dont understand nothing.
I see a question similar, but dont help me much.
Please help me
EDIT
I downloaded an api, and i use the composer require, apparently everything is fine, but when i execute some file to test the api, the same error pops up. The program cant find some files that is in the project, in the same folder.
Ex: PHP Fatal error: Interface 'Github\Api\ApiInterface' not found in D:\php-github-api-master\lib\Github\Api\AbstractApi.php on line 15
In anothers files the same error appears, i put "use" referecing the files that im trying to use, but dont work. Ex: use Github\Api\ApiInterface;
EDIT
This code will create a new repository right? When i execute this code I get the error above, Class 'Github\Api\AbstractApi' not found, but the class is in there.
class Repo extends AbstractApi
{
public function create(
$name,
$description = '',
$homepage = '',
$public = true,
$organization = null,
$hasIssues = false,
$hasWiki = false,
$hasDownloads = false,
$teamId = null,
$autoInit = false
) {
$path = null !== $organization ? 'orgs/'.$organization.'/repos' : 'user/repos';
$parameters = array(
'name' => $name,
'description' => $description,
'homepage' => $homepage,
'private' => !$public,
'has_issues' => $hasIssues,
'has_wiki' => $hasWiki,
'has_downloads' => $hasDownloads,
'auto_init' => $autoInit
);
if ($organization && $teamId) {
$parameters['team_id'] = $teamId;
}
return $this->post($path, $parameters);
}
}
Thanks,
Johann.
I finish my script, everything was done correct, sorry for my obviosly questions and thanks for who was answer me. My code:
<?php
include "vendor/autoload.php";
$client = new \Github\Client();
$username = "JohannLucas";
$password = "mypassword";
$method = Github\Client::AUTH_HTTP_PASSWORD;
//authenticate
$client->authenticate($username, $password, $method);
//Apagar Repositório
//$client->api('repo')->remove('JohannLucas', 'teste');
//Criar Repositório
$client->api('repo')->create('olamundo', 'Repositorio criado com o github api', 'http://my-repo-homepage.org', true);
//Commit
$committer = array('name' => 'JohannLucas', 'email' => 'johann.lucas#hotmail.com');
$path = "teste.txt";
$commitMessage = "Commit do teste.txt";
$content = "Olá Mundo!";
$branch = "master";
$repo = "olamundo";
$fileInfo = $client->api('repo')->contents()->create('JohannLucas', 'olamundo', $path, $content, $commitMessage, $branch, $committer);
print_r("Foi!");
Thanks!
Johann
I am trying for hours, but I just can't figure it out, how to enable a https connection with vagrant and puppet.
I have a folder files/htdocs which contains different configs-files. Like vhosts. It was a preset, with an empty ssl and empty vhosts_ssl folder. It put my ssl certificate in the ssl folder and my httpd-ssl.conf in the vhosts_ssl folder. Those files where working lokal with my MAMP Webserver.
In the Puppet config I wrote the following:
file { "/etc/httpd/vhosts":
replace => true,
ensure => present,
source => "/vagrant/files/httpd/vhosts",
recurse => true,
}
file { "/etc/httpd/vhosts_ssl":
replace => true,
ensure => present,
source => "/vagrant/files/httpd/vhosts_ssl/httpd-ssl.conf",
}
file { "/etc/httpd/ssl":
replace => true,
ensure => present,
source => "/vagrant/files/httpd/ssl",
recurse => true,
}
The normal vhosts are working, therefore I thougt I can copy the structure and just enter the new paths for ssl and vhosts_ssl.
But its not working. Maybe you know how to fix this.
Thanks.
I think I found a solution, but I have no time to test it right know.
Here is the link to the possible solution.
https://forge.puppetlabs.com/puppetlabs/apache
I will update my Questing/Answere when I tried it.