Building Vue SPA authentication with Laravel Sanctum and Fortify

Asked by johnny shepherd (54 views)

When sending a POST request to /sanctum/csrf-cookie, CSRF protection for the application will be initialized. During this request, Laravel will set an XSRF-TOKEN cookie containing the current CSRF token. This token should then be passed in an X-XSRF-TOKEN header on subsequent requests.

I was thinking: if I go to devtools > storage > cookies, then I can grab that CSRF cookie and then use it manually and gain access to the application without logging in. If so, then how is that in any way secure? Shouldn't SPA authentication also have a method to destroy or revoke this cookie? Shouldn't doing a POST request to the Fortify route /logout destroy or revoke the cookie and then generate a new one on future logins? If not, then what is even the point of logging out? Also, shouldn't Fortify and Sanctum provide a way to revoke the cookie in the case of SPA authentication, like they do in API Token Authentication and Mobile Application Authentication?