my-website/config/sanctum.php

<?php

use Laravel\Sanctum\Sanctum;

return [

    /*
    |--------------------------------------------------------------------------
    | Stateful Domains
    |--------------------------------------------------------------------------
    |
    | Requests from the following domains / hosts will receive stateful API
    | authentication cookies. Typically, these should include your local
    | and production domains which access your API via a frontend SPA.
    |
    */

    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
        '%s%s',
        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
        Sanctum::currentApplicationUrlWithPort()
    ))),

    /*
    |--------------------------------------------------------------------------
    | Sanctum Guards
    |--------------------------------------------------------------------------
    |
    | This array contains the authentication guards that will be checked when
    | Sanctum is trying to authenticate a request. If none of these guards
    | are able to authenticate the request, Sanctum will use the bearer
    | token that's present on an incoming request for authentication.
    |
    */

    'guard' => ['web'],

    /*
    |--------------------------------------------------------------------------
    | Expiration Minutes
    |--------------------------------------------------------------------------
    |
    | This value controls the number of minutes until an issued token will be
    | considered expired. This will override any values set in the token's
    | "expires_at" attribute, but first-party sessions are not affected.
    |
    */

    'expiration' => null,

    /*
    |--------------------------------------------------------------------------
    | Token Prefix
    |--------------------------------------------------------------------------
    |
    | Sanctum can prefix new tokens in order to take advantage of numerous
    | security scanning initiatives maintained by open source platforms
    | that notify developers if they commit tokens into repositories.
    |
    | See: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
    |
    */

    'token_prefix' => env('SANCTUM_TOKEN_PREFIX', ''),

    /*
    |--------------------------------------------------------------------------
    | Sanctum Middleware
    |--------------------------------------------------------------------------
    |
    | When authenticating your first-party SPA with Sanctum you may need to
    | customize some of the middleware Sanctum uses while processing the
    | request. You may change the middleware listed below as required.
    |
    */

    'middleware' => [
        'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
        'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
        'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
    ],

];
initial commit 2024-02-15 19:19:47 +02:00			`<?php`

			`use Laravel\Sanctum\Sanctum;`

			`return [`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Stateful Domains`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Requests from the following domains / hosts will receive stateful API`
			`\| authentication cookies. Typically, these should include your local`
			`\| and production domains which access your API via a frontend SPA.`
			`\|`
			`*/`

			`'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(`
			`'%s%s',`
			`'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',`
			`Sanctum::currentApplicationUrlWithPort()`
			`))),`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Sanctum Guards`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| This array contains the authentication guards that will be checked when`
			`\| Sanctum is trying to authenticate a request. If none of these guards`
			`\| are able to authenticate the request, Sanctum will use the bearer`
			`\| token that's present on an incoming request for authentication.`
			`\|`
			`*/`

			`'guard' => ['web'],`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Expiration Minutes`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| This value controls the number of minutes until an issued token will be`
			`\| considered expired. This will override any values set in the token's`
			`\| "expires_at" attribute, but first-party sessions are not affected.`
			`\|`
			`*/`

			`'expiration' => null,`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Token Prefix`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| Sanctum can prefix new tokens in order to take advantage of numerous`
			`\| security scanning initiatives maintained by open source platforms`
			`\| that notify developers if they commit tokens into repositories.`
			`\|`
			`\| See: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning`
			`\|`
			`*/`

			`'token_prefix' => env('SANCTUM_TOKEN_PREFIX', ''),`

			`/*`
			`\|--------------------------------------------------------------------------`
			`\| Sanctum Middleware`
			`\|--------------------------------------------------------------------------`
			`\|`
			`\| When authenticating your first-party SPA with Sanctum you may need to`
			`\| customize some of the middleware Sanctum uses while processing the`
			`\| request. You may change the middleware listed below as required.`
			`\|`
			`*/`

			`'middleware' => [`
			`'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,`
			`'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,`
			`'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,`
			`],`

			`];`