Laravel app is not creating XSRF-TOKEN cookie #32

Open
mhetreramesh opened this issue Jan 14, 2021 · 2 comments
Labels
support Someone needs help

Comments

mhetreramesh commented Jan 14, 2021

As per the Laravel docs, every application should create an encrypted XSRF-TOKEN cookie. I also have this cookie in my dev environment, but not on the Lambda function.

This is the cookie missing on the Lambda function.
image

I've tried adding custom header for lambda function in serverless file, like:

functions:
  # This function runs my website/API
  web:
    handler: public/index.php
    timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
    layers:
      - ${bref:layer.php-74-fpm}
      - ${bref:extra.gd-php-74}
    events:
      - httpApi: '*'
        cors:
          origin: '*'
          headers:
            - X-XSRF-TOKEN

I use this on the frontend (Inertia) application for axios requests.

Does someone have any idea if I'm missing something?

@mnapoli mnapoli added the support Someone needs help label Jan 14, 2021
@aristidesneto-bnw

Did you manage to solve it?

I managed to solve it by going straight to the CloudFront panel and adding the X-CSRF-TOKEN header to the Policy (custom policies -> cache key settings).

But using the serverless.yml file, I had no success following what is described in the documentation: https://github.com/getlift/lift/blob/master/docs/server-side-website.md#forwarded-headers.

I would not like to add the header manually through CloudFront, but through the serverless.yml configuration file.


evrend commented May 7, 2022

@aristidesneto-bnw Thank you very much for the serverless-lift docs link. After 3-4 hours, I finally solved the X-CSRF-TOKEN header problem. I added the X-CSRF-TOKEN header to serverless.yml as in the serverless-lift documents, and it works perfectly.

constructs:
    website:
        type: server-side-website
        domain: ***********
        certificate: arn:aws:************
        forwardedHeaders:
            - X-XSRF-TOKEN
            - Origin
            - Accept
            ....

Result:

image

mnapoli pushed a commit that referenced this issue Mar 9, 2023
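
The header flow discussed in this thread, as an added example that is not code from the issue, bref, or lift: axios copies the XSRF-TOKEN cookie into an X-XSRF-TOKEN request header, and a proxy that forwards only allowlisted headers drops it unless that exact name is listed. The function names, the sample cookie, and the simplified origin check (a plain comparison, where Laravel decrypts the value first) are assumptions made for illustration.

```javascript
// Constructed sample: the cookie value is URL-encoded, as Laravel's is.
const SAMPLE_COOKIES =
  "laravel_session=abc123; XSRF-TOKEN=eyJpdiI6InNhbXBsZSJ9%3D%3D";
const EXPECTED_TOKEN = "eyJpdiI6InNhbXBsZSJ9=="; // decoded form of the sample

// axios default behaviour: read the XSRF-TOKEN cookie, URL-decode it,
// and send it back as the X-XSRF-TOKEN request header.
function xsrfHeaderFromCookies(cookieString, cookieName = "XSRF-TOKEN") {
  for (const part of cookieString.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === cookieName) {
      return { "X-XSRF-TOKEN": decodeURIComponent(rest.join("=")) };
    }
  }
  return {}; // no cookie set by the server means no header is sent
}

// Hypothetical model of a CDN/proxy that forwards only allowlisted
// headers. HTTP header names are compared case-insensitively.
function forwardThroughAllowlist(headers, allowlist) {
  const allowed = new Set(allowlist.map((h) => h.toLowerCase()));
  const forwarded = {};
  for (const [name, value] of Object.entries(headers)) {
    if (allowed.has(name.toLowerCase())) {
      forwarded[name.toLowerCase()] = value;
    }
  }
  return forwarded;
}

// Simplified origin check: 200 when the token header arrives and matches,
// 419 (Laravel's token-mismatch status) otherwise.
function originStatus(forwarded, expectedToken) {
  const token = forwarded["x-xsrf-token"];
  return token !== undefined && token === expectedToken ? 200 : 419;
}

// End to end: browser -> allowlisting proxy -> origin.
function simulate(allowlist, cookies = SAMPLE_COOKIES) {
  const headers = {
    Accept: "application/json",
    ...xsrfHeaderFromCookies(cookies),
  };
  return originStatus(forwardThroughAllowlist(headers, allowlist), EXPECTED_TOKEN);
}

console.log(simulate(["Accept", "Origin"]));                 // header dropped
console.log(simulate(["Accept", "Origin", "X-XSRF-TOKEN"])); // header forwarded
```

Because the allowlist matches on the header name, X-CSRF-TOKEN and X-XSRF-TOKEN each need their own entry if the client sends them.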