DEV Community

Discussion on: Secure authentication in Nuxt SPA with Laravel as back-end

Collapse
 
jameshull profile image
James R. Hull 🎬

It looks like the refresh_token part is not working, unless I missed something. I can login, x-access-token is there - but when it comes time to refresh - I get the 403 error.

Collapse
 
jameshull profile image
James R. Hull 🎬

I was totally wrong about the withCredentials key...everything kept failing till I put it back the way you had it with credentials instead...weird because it goes against everything else I see.

THANK YOU!

Thread Thread
 
kenegade profile image
Ken Hall • Edited

Hi there, I'm running into a CORS issue that I can't seem to get around. I'm using Laravel 7.5.2. Basically anytime I try to use the register function I get: Access to XMLHttpRequest at 'myapi.test/api/register' from origin 'localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. If I change the 'credentials' to 'withCredentials', it passes the CORS preflight, but then the token part does not appear to be working.

***FOLLOW UP: I'm still using the 'withCredentials' parameter. The issue going in that direction was in the .env using CLIENT_ID as opposed to PASSWORD_CLIENT_ID. That was mentioned before in this thread. Thanks!