Comments (15)
Well, that is the correct behavior. The API docs are just like any other page. Once you are logged into your domain, the cookies for session etc are set by Laravel. And when the API call is made, the api is able to authenticate the user.
Well, in Postman I can call the endpoints without setting a cookie/session. I should be able to call the endpoints openly.
I'm not using CSRF, I'm using Sanctum token-based API calls.
Some endpoints are behind my Sanctum auth middleware, so I need a bearer auth token to get to these.
from laravel-request-docs.
Hi, thanks for reporting.
Let me have a look.
If I remove adding X-CSRF-TOKEN to headers when its value is empty, would that work for you?
from laravel-request-docs.
Like this: #68
from laravel-request-docs.
This is the request that is not working from the documents. I caught the request in console:
Result:
```json
{"status":500,"success":false,"error":{"code":500,"message":"CSRF token mismatch."}}
```
```bash
curl 'http://localhost/api/auth' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \
  -H 'Authorization: Bearer' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/json;charset=UTF-8' \
  -H 'Cookie: JSESSIONID.2b84989e=node07l6xggrciay8jx7295segy967.node0; JSESSIONID.5353d309=node01l7d23qeq46bnqv7uhe64qtfl2.node0; jenkins-timestamper-offset=-7200000; JSESSIONID.e0139d4a=node01jc68r3nruauq1qryxpvtsuy359.node0; screenResolution=1920x1080; JSESSIONID.c93846e1=node07tt6op3njuqywuwa128iem0p0.node0; JSESSIONID.25ec0c08=node026o0go5nquq1daizxvtuj3552.node0; JSESSIONID.afa366ea=node088cymhiju4gx19jtkaaaaktcn4.node0; JSESSIONID.b2d12f37=node0h6phxoodtlw21892ftjp56vrs0.node0; JSESSIONID.8df212d3=node01a7m3arx63ovt12qkzl4m9z4430.node0; JSESSIONID.9a3073d2=node061k4j5olaxo6lphqxghvnkt70.node0; JSESSIONID.5b57156e=node01nd9y4s0s8zpj19alodss0fy510.node0; JSESSIONID.ed350b34=node01olt5dl2iulbfytkij40v3b6m2.node0; JSESSIONID.d79d91e4=node019bleri6n83s21t63gh4sbqvbr0.node0; XDEBUG_PROFILE=; PHPSESSID=90300e5a16bdf041b4fa3a54453ef9bd; _ga=GA1.1.975793485.1650558215' \
  -H 'Origin: http://localhost' \
  -H 'Pragma: no-cache' \
  -H 'Referer: http://localhost/request_doc' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'Sec-GPC: 1' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.79 Safari/537.36' \
  -H 'X-CSRF-TOKEN: ' \
  -H 'X-Request-LRD: lrd' \
  --data-raw '{"email":"","password":""}' \
  --compressed
```
This is working from postman extract:
```bash
curl --location --request POST 'http://localhost/api/auth' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --data-raw '{
    "email": "",
    "password": ""
}'
```
from laravel-request-docs.
If I take out
```bash
-H 'Origin: http://localhost' \
-H 'Referer: http://localhost/request_doc' \
```
then it works. Wonder if it's CORS.
from laravel-request-docs.
Interesting. I don't think it is a CORS issue, but a TrustHosts or TrustProxies issue, which you can try to change inside your project.
```php
class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application.
     *
     * @var array|string|null
     */
    protected $proxies = ['127.0.0.1', 'localhost'];
}
```
Not sure, I'll try and reproduce on my local.
from laravel-request-docs.
OK, not a CORS issue.
```json
{
    "message": "CSRF token mismatch.",
    "exception": "Symfony\Component\HttpKernel\Exception\HttpException",
    "file": "/var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
    "line": 357,
    "trace": [
        {
            "file": "/var/www/html/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php",
            "line": 331,
            "function": "prepareException",
            "class": "Illuminate\Foundation\Exceptions\Handler",
            "type": "->"
        },
```
This is with the docs. My API works with Sanctum.
from laravel-request-docs.
I generated the docs again and now it's working. Very strange. Thanks.
from laravel-request-docs.
Thanks for the update buddy @jackkitley
from laravel-request-docs.
@kevincobain2000 Happening again.
from laravel-request-docs.
I use docker. Not sure if this should resolve somehow?
from laravel-request-docs.
I replicated the issue, which is a strange one for the API docs. When you authenticate via the website and get a session and then go back to the API docs and click run, then it all works again? Very strange.
from laravel-request-docs.
Well, that is the correct behavior. The API docs are just like any other page. Once you are logged into your domain, the cookies for session etc are set by Laravel. And when the API call is made, the api is able to authenticate the user.
from laravel-request-docs.
Just an update. If I modify the verify CSRF middleware to exclude the checks for /api/* then it works. But it's still strange that these requests are coming through as web.
from laravel-request-docs.
Fixed in #124
from laravel-request-docs.
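The two requests captured in this thread differ in more than the Origin and Referer headers. As an added example (not code from laravel-request-docs or from any participant), the JavaScript below parses abridged copies of both curl commands, lists the headers only the failing request sends, and flags credential headers sent with no value. The function names, the placeholder Cookie value, and extending the thread's proposed X-CSRF-TOKEN change to the bare `Bearer` header are assumptions.

```javascript
// Added example: requests abridged from the thread; Cookie value is a constructed placeholder.
const failing = [
  "curl 'http://localhost/api/auth'",
  "-H 'Authorization: Bearer'",
  "-H 'Content-Type: application/json;charset=UTF-8'",
  "-H 'Cookie: PHPSESSID=constructed-placeholder'",
  "-H 'Origin: http://localhost'",
  "-H 'Referer: http://localhost/request_doc'",
  "-H 'X-CSRF-TOKEN: '",
  "-H 'X-Request-LRD: lrd'",
].join(' ');
const working = [
  "curl --location --request POST 'http://localhost/api/auth'",
  "--header 'Content-Type: application/json'",
].join(' ');

// Map of lower-cased header name -> value for every -H/--header argument.
function parseCurlHeaders(cmd) {
  const headers = new Map();
  const re = /(?:-H|--header)\s+'([^':]+):\s*([^']*)'/g;
  for (const m of cmd.matchAll(re)) headers.set(m[1].toLowerCase(), m[2].trim());
  return headers;
}

// Headers that reserve a credential slot but carry no credential.
function emptyCredentialHeaders(headers) {
  const found = [];
  if (headers.get('x-csrf-token') === '') found.push('x-csrf-token');
  const auth = headers.get('authorization');
  if (auth !== undefined && /^bearer\s*$/i.test(auth)) found.push('authorization');
  return found;
}

// Summarise how the failing request differs from the working one.
function triage(failingCmd, workingCmd) {
  const [bad, good] = [failingCmd, workingCmd].map(parseCurlHeaders);
  return {
    onlyInFailing: [...bad.keys()].filter((k) => !good.has(k)),
    emptyCredentials: emptyCredentialHeaders(bad),
    browserContext: ['cookie', 'origin', 'referer'].filter((k) => bad.has(k)),
  };
}

// Change proposed in the thread: omit X-CSRF-TOKEN when empty (bare Bearer: assumption).
function dropEmptyCredentials(headers) {
  const empty = emptyCredentialHeaders(headers);
  return new Map([...headers].filter(([name]) => !empty.includes(name)));
}
console.log(triage(failing, working));
```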