weixin_33738555 2017-12-12 12:59 Acceptance rate: 0%
Views: 44

Laravel 419 unknown status

I am making an AJAX request from a subdomain to the main domain. I have set up CORS so that the subdomain is attached automatically to the allowed domain listing. I am getting a 419 (unknown status) error, and upon dumping the error I found out that I am getting a TokenMismatchException.

I noticed also that this is in fact true, because I also saw:

"_token" => "h7I07Iv0m4sF7XHhXjtygnfCtITgzCi3Ml8lfT7Z" // <-- sent
"_token" => "N118Izko7j5uf851MpijBXInFLaUVicRdf9uw3h4" // <-- in session

I am obviously sending token with my AJAX request as I see it in the headers section when inspecting the request.

I suppose there is some mismatch going on because I am traversing from my subdomain to my domain.

How can I align tokens across my main domain and all subdomains so that I don't get an exception?

NOTE

All AJAX routes are receiving a token from

<meta name="csrf-token" content="{{ csrf_token() }}">

Attaching it to every request in

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});

EDIT

I have placed this under session.php

"domain" => "." . env('APP_URL'),

because of the cookies, even though honestly I'm not sure what it does.


1 answer

  • 七度&光 2018-04-01 18:59

    Session sharing across multiple domains... There can be tweaks to do it. To make a cookie available in all the sub-domains you need to assign it to the root domain.

     session.cookie_domain = ".example.com"
    

    Personally I would recommend a different approach (but it also depends on other factors upon which I don't have full visibility from your question....)

    Perform the AJAX call from/to the same subdomain (CSRF middleware protected, standard CSRF usage). On the controller, perform a server-to-server backend call to your main domain (e.g. a curl_exec).

    The server-to-server call is not visible and you can protect it, e.g. at network level or by adding an OAuth server if the two domains communicate through the internet.
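The root-domain cookie setting from the answer, written as the Laravel config/session.php fragment the asker would actually edit, beside the APP_URL-derived form from the question's EDIT. This is an added example, not code from the question or the answer; it assumes a root domain of example.com served over HTTPS and a Laravel version that has the same_site key.

```php
<?php
// config/session.php (Laravel). Added example; example.com is a placeholder.
return [
    // ...other keys unchanged...

    // WEAK: APP_URL normally carries the scheme ("https://example.com"),
    // so "." . APP_URL yields ".https://example.com". That does not
    // domain-match any host, so the browser discards the Set-Cookie
    // entirely; each host then keeps its own session and its own
    // _token, and the subdomain's request fails the CSRF comparison.
    // 'domain' => '.' . env('APP_URL'),

    // CORRECTED: a bare root domain with a leading dot, read from .env
    // (SESSION_DOMAIN=.example.com) so it can differ per environment.
    // The cookie is now sent to example.com and every *.example.com host,
    // so the session, and the _token stored in it, is shared.
    'domain' => env('SESSION_DOMAIN', '.example.com'),

    // A cookie widened to the whole root domain reaches every subdomain,
    // so keep it off plain HTTP and out of reach of page scripts.
    'secure' => env('SESSION_SECURE_COOKIE', true),
    'http_only' => true,

    // sub.example.com and example.com are the same site, so 'lax' still
    // attaches the cookie to the XHR while blocking cross-site POSTs.
    'same_site' => 'lax',
];
```

The cross-origin XHR must also be allowed to carry the cookie: with jQuery that is `xhrFields: { withCredentials: true }` in the `$.ajaxSetup` call, and the CORS response must then include `Access-Control-Allow-Credentials: true` with an explicit origin rather than `*`.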

