- Open Thunder Client, switch to `Env` and create a local environment.
- Add a test to your collection by navigating to the `Tests` tab, then select `Set Env Variable`, set query to `cookie.xsrf-token` and value to `{{XSRF-TOKEN, local}}`.
- In the `Headers` tab, add a header named `X-XSRF-TOKEN` with value `{{XSRF-TOKEN | urlDecode}}`.
- Create a request to `/sanctum/csrf-cookie` to refresh the CSRF token if it expires.

```js
// yarn add --dev @esbuild-plugins/node-globals-polyfill
import { NodeGlobalsPolyfillPlugin } from '@esbuild-plugins/node-globals-polyfill'
// yarn add --dev @esbuild-plugins/node-modules-polyfill
import { NodeModulesPolyfillPlugin } from '@esbuild-plugins/node-modules-polyfill'
// You don't need to add this to deps, it's included by @esbuild-plugins/node-modules-polyfill
import rollupNodePolyFill from 'rollup-plugin-node-polyfills'

export default {
  resolve: {
    alias: {
      // ...
    },
  },
}
```

```js
/**
 * Postman Pre-Request script to append CSRF token in header for POST requests in Laravel
 * Sanctum authenticated SPA. Requires active environment with {{url}} variable defined
 * for main app domain.
 *
 * Postman Interceptor allows appending cookies from browser, but Laravel CSRF middleware
 * only validates CSRF in headers or in _token form field, not in cookies. Axios automatically
 * appends the CSRF from cookie to headers, but Postman cannot access intercepted cookies
 * and use them, so we have to do one pre-request to get the CSRF token, store it
 * in environment so it can be reused, and then append it to headers.
 */
```
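
The token handling that both the Thunder Client steps and the Postman script comment describe, as an added example that is not code from the original gists: take the `XSRF-TOKEN` cookie set by `/sanctum/csrf-cookie`, URL-decode it, and send the decoded value in `X-XSRF-TOKEN` while the cookies go back unchanged. The function names, the `laravel_session` cookie and all cookie values are constructed for illustration.

```javascript
// Added example; function names and sample values are illustrative assumptions.

// Constructed Set-Cookie headers standing in for a GET /sanctum/csrf-cookie
// response. Values are made up; note the URL-encoded "=" padding (%3D).
const SAMPLE_SET_COOKIE = [
  'XSRF-TOKEN=eyJpdiI6ImFiYyIsInZhbHVlIjoiZGVmIn0%3D; Max-Age=7200; path=/; samesite=lax',
  'laravel_session=c2Vzc2lvbg%3D%3D; path=/; httponly; samesite=lax',
];

// Parse Set-Cookie headers into a Map of name -> raw (still encoded) value.
function parseSetCookies(setCookieHeaders) {
  const jar = new Map();
  for (const header of setCookieHeaders) {
    const pair = header.split(';', 1)[0]; // "name=value", attributes dropped
    const eq = pair.indexOf('=');         // split on the first "=" only
    if (eq > 0) jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  return jar;
}

// Build the headers for a state-changing request (POST, PUT, DELETE).
function csrfHeaders(setCookieHeaders) {
  const jar = parseSetCookies(setCookieHeaders);
  const raw = jar.get('XSRF-TOKEN');
  if (raw === undefined) {
    throw new Error('no XSRF-TOKEN cookie; request /sanctum/csrf-cookie first');
  }
  let token;
  try {
    token = decodeURIComponent(raw); // same job as "| urlDecode" in Thunder Client
  } catch (err) {
    throw new Error('XSRF-TOKEN cookie is not valid URL encoding');
  }
  // Cookies go back exactly as received; only the header copy is decoded.
  const cookie = [...jar].map(([name, value]) => `${name}=${value}`).join('; ');
  return { Cookie: cookie, 'X-XSRF-TOKEN': token };
}
```

Sending the still-encoded cookie value in the header is the usual cause of a token mismatch here, which is why the Thunder Client header uses the `urlDecode` filter.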