there is a SPA based on Laravel 5.8 and vue.js 2.0.
Everything is working fine, a little bit too much to be honest, because if I delete the session and I try to save the content afterward or keep navigating the private pages, every ajax call that I’m doing with Axios is going through without returning any error. Only if I forcefully refresh the page I get the error page I setup but if I don’t, I can keep doing everything even if the session no longer exist.
This is my setup.
web.php is where there is the only php route that points to a singlePageController:
Auth::routes();
Route::get(‘/{any}’, ‘SinglePageController@index’)->where(‘any’, ‘.*‘);
Then in the singlePageController I return the view:
class SinglePageController extends Controller
{
public function index() {
return view(‘app’, [‘loggedUser’ => auth()->user()]);
}
}
Then there is the api.php where there is the API routes. As you can see at the end there is the middleware to make it private. Just to make an example this is the one I use for updating the content:
Route::put(‘event/update/{slug}’, ‘EventController@update’)->middleware(‘auth:api’);
Then the related controller of that API route:
public function update(Request $request, $slug)
{
$event = Event::where(‘slug’, $slug)->first();
$event->title = $request->input(‘title’);
return new EventResource($event);
}
And in the end this is the Resource I use to define what and how the API data is going to be displayed:
public function toArray($request)
{
// return parent::toArray($request);
return [
‘id’ => $this->id,
‘title’ => $this->title,
‘slug’ => $this->slug,
‘curator’ => $this->curator,
‘featured_image’ => $this->featured_image,
‘body’ => $this->body,
‘date’ => $this->date
];
}
So this above is the flow I have. Then when I do an axios call to update the content, I’m doing something like:
axios({
method: ‘PUT’,
url: ‘/api/event/update/‘ + this.$route.params.slug + ‘?api_token=’ + this.isLogged.apiToken,
data: dataToSave,
headers: {
‘X-CSRF-TOKEN’: $(‘meta[name=”csrf-token”]‘).attr(‘content’)
}
})
.then((response) => {
this.getNotification(‘Success: The Event has been saved’);
})
.catch((error) => {
this.getNotification(‘Error: Impossible saving the event’);
console.log(error);
})
Thanks in advance for the help
Solution :
In Laravel routes in api.php ignore the session data.
If you want to authenticate with session data you could move the api routes to web.php and you should see the results you expect.