[10.x] Add new Axios v1.6.2 withXSRFToken option to documentation (#…

…9152) * Add new Axiox `withXSRFToken` option to documentation * Update sanctum.md --------- Co-authored-by: Taylor Otwell <taylor@laravel.com>
laravel · Nov 22, 2023 · f708a58 · f708a58
1 parent 9926bc3
commit f708a58
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/sanctum.md b/sanctum.md
@@ -283,10 +283,11 @@ If you are having trouble authenticating with your application from a SPA that e
 
 You should ensure that your application's CORS configuration is returning the `Access-Control-Allow-Credentials` header with a value of `True`. This may be accomplished by setting the `supports_credentials` option within your application's `config/cors.php` configuration file to `true`.
 
-In addition, you should enable the `withCredentials` option on your application's global `axios` instance. Typically, this should be performed in your `resources/js/bootstrap.js` file. If you are not using Axios to make HTTP requests from your frontend, you should perform the equivalent configuration on your own HTTP client:
+In addition, you should enable the `withCredentials` and `withXSRFToken` options on your application's global `axios` instance. Typically, this should be performed in your `resources/js/bootstrap.js` file. If you are not using Axios to make HTTP requests from your frontend, you should perform the equivalent configuration on your own HTTP client:
 
 ```js
 axios.defaults.withCredentials = true;
+axios.defaults.withXSRFToken = true;
 ```
 
 Finally, you should ensure your application's session cookie domain configuration supports any subdomain of your root domain. You may accomplish this by prefixing the domain with a leading `.` within your application's `config/session.php` configuration file: