New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting a new XSRF-Token using useRequestHeaders after updating to Nuxt 3.8.0 #23968
Comments
Possibly related to #23900 |
Would you be able to provide a reproduction? 🙏 More infoWhy do I need to provide a reproduction?Reproductions make it possible for us to triage and fix issues quickly with a relatively small team. It helps us discover the source of the problem, and also can reveal assumptions you or we might be making. What will happen?If you've provided a reproduction, we'll remove the label and try to reproduce the issue. If we can, we'll mark it as a bug and prioritize it based on its severity and how many people we think it might affect. If How can I create a reproduction?We have a couple of templates for starting with a minimal reproduction: 👉 https://stackblitz.com/github/nuxt/starter/tree/v3-stackblitz A public GitHub repository is also perfect. 👌 Please ensure that the reproduction is as minimal as possible. See more details in our guide. You might also find these other articles interesting and/or helpful: |
This is likely not linked to #23900 unless you are using |
I created a reproducer: Frontend: https://github.com/ahoiroman/csrf-frontend-reproducer I also created a small video showing the issue on my local instance of that reproducer. I will also try to provide a public reproducer you all could use to play around. Bildschirmfoto.2023-10-27.um.11.51.32.mp4 |
This video shows the behavior on running Nuxt 3.7.4 (there is no issue): Bildschirmfoto.2023-10-27.um.12.06.06.mp4 |
Same problem here... A little problematic. Thanks @ahoiroman, helped us a lot. Lets hope we can resolve this 🙂! |
Did my reproducer help, @danielroe ? Anything I can do (with my limited possibilities) to help you out? |
As this is still tagged with "needs reproduction" I'd like to ask, whether I can help with an live-example/a hosted version of the laravel instance? |
Is there a temporary solution for it? I'm facing the same issue on production. |
This should be resolved in v3.8.2 via #24333. Let me know if not and I'll reopen. |
@danielroe I just tested it, and I can confirm that the issue still exists. |
Also seeing this on 3.8.2. @ahoiroman did you manage to find a workaround ? |
Unfortunately not, I am sorry. |
I've managed to find a workaround. The key is to delete the CSRF cookie when there is an error. |
Thank you @misbahansori and @ahoiroman for your research and ideas. For now, I made a workaround like this.
This goes on top of |
This also prevents me from upgrading out of 3.7.x |
This appears to be fixed on Nuxt 3.9.1, at least for us. No additional XSRF-TOKEN is being generated.
Backend
|
Environment
Darwin
v20.6.1
3.8.0
3.9.1
2.7.0
npm@9.8.1
-
modules
,extends
,imports
,colorMode
,devtools
,app
,runtimeConfig
,routeRules
,content
,i18n
,image
,googleFonts
,tailwindcss
@nuxt/ui@2.9.0-28293701.a8279d1
,@nuxt/content@2.8.5
,@nuxtjs/i18n@8.0.0-rc.5
,@nuxt/image@1.0.0
,@nuxtjs/google-fonts@3.0.2
-
Reproduction
As one needs a working Laravel API as backend to reproduce this, I cannot really provide a reproduction.
Describe the bug
I got an issue after upgrading to Nuxt 3.8.0
I am using this little util to consume my Laravel sanctum api:
After upgrading to Nuxt 3.8.0, I am getting CSRF-errors, once
process.server
is true:What happens: I am getting another XSRF-cookie with another cookie domain (not .example.test, but web.example.test).
Downgrading to Nuxt 3.7.4 solves the problem.
Additional context
No response
Logs
No response
The text was updated successfully, but these errors were encountered: