fix(auth): add Sanctum stateful middleware so SPA API routes work with session cookies

- Add EnsureFrontendRequestsAreStateful to api middleware stack - Create config/sanctum.php with cts-work.test as stateful domain - Fixes 'Unauthenticated' error on SongDB and other API-backed pages
2026-03-02 13:25:29 +01:00 · 2026-03-02 13:25:29 +01:00 · 6c59922e96
parent 22f1829132
commit 6c59922e96
2 changed files with 9 additions and 0 deletions
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@ -19,6 +19,10 @@
        $schedule->command('cts:sync')->hourly();
    })
    ->withMiddleware(function (Middleware $middleware): void {
+        $middleware->api(prepend: [
+            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
+        ]);
+
        $middleware->web(append: [
            \App\Http\Middleware\HandleInertiaRequests::class,
            \Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
--- a/config/sanctum.php
+++ b/config/sanctum.php
@ -0,0 +1,5 @@
+<?php
+
+return [
+    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', 'localhost,localhost:8000,127.0.0.1,127.0.0.1:8000,::1,cts-work.test')),
+];