Use bruno to connect to an API using Laravel Sanctum.

[roncallyt]

Hi guys,

I was configuring a project with Laravel Sanctum as authentication method and I found some difficulties in implementation.

At Postman, I had a Pre-request script like this one:

pm.sendRequest({
	url: pm.environment.get("BASE_URL") + '/sanctum/csrf-cookie',
	method: 'GET'
}, function (error, response, { cookies }) {
	if (!error) {
		pm.environment.set('xsrf-token', cookies.get('XSRF-TOKEN'))
	}
})

That I tried to translate to Bruno, at Pre-request section on collection settings, like this:

const axios = require("axios")

const config = {
  headers: {
    'Accept': 'application/json',
    'Content-Type': 'application/json',
    'Referer': bru.getEnvVar('REFERER')
  }
}

try {
  const response = await axios.get(`${bru.getEnvVar('BASE_URL')}/sanctum/csrf-cookie`, config)

  const cookie = response.headers['set-cookie']
  const match  = cookie.match(/XSRF-TOKEN=([^;]+)/)
  const token = decodeURIComponent(match[1])

  bru.setEnvVar('X-XSRF-TOKEN', token)
  
  req.setHeader('Referer', bru.getEnvVar('REFERER'))
  req.setHeader('xsrf-token', bru.getEnvVar('X-XSRF-TOKEN'))
} catch (e) {
  console.error(e)
}

The principle is the same, make a GET Request to endpoint /sanctum/csrf-cookie, catch the cookie named XSRF-TOKEN and set this to the environment variable, then set two headers to the current Request:

• The Referer
• The xsrf-token

This two headers should be enough to a successful request, but i always receive a back-end error saying, CSRF Token mismatch.

I founded a similar issue (#1493) and follow the steps, it works, but every time that i need to login into API, I need to make a Request to a get endpoint manually.

The pre-request script would be to do this automatically.

Anyone pass through this situation? Or can help me to solve this?

If there isn't any solution, i will maintain the workflow that works for me today, but i would like to solve this problem.