Are stateful requests possible using Scribe and Sanctum? #942

Open
1 task done
TS1997 opened this issue Feb 6, 2025 · 0 comments
TS1997 commented Feb 6, 2025

Scribe version

4.39.0

Your question

Hello,

I have an API that allows unauthenticated requests from stateful domains and requires bearer authentication and a paid Stripe subscription if used externally. Is it possible to make the Scribe requests stateful so I don't have to generate an account with a paid subscription when generating the documentation?

I tried adding the following code to the AppServiceProvider::boot method, which worked in the sense that I bypassed the authentication, but that resulted in a CSRF Token Mismatch, which I wasn't able to bypass.

Scribe::beforeResponseCall(function (Request $request, ExtractedEndpointData $endpointData) {
    $request->headers->set('referer', config('app.url'));
    $request->server->set('HTTP_REFERER', config('app.url'));
});

I tried the following to bypass the CSRF Token Mismatch, but that didn't work:

Scribe::beforeResponseCall(function (Request $request, ExtractedEndpointData $endpointData) {
    $cookieJar = new CookieJar();
    $csrfResponse = Http::withOptions(['cookies' => $cookieJar])
        ->withHeader('referer', config('app.url'))
        ->get(route('sanctum.csrf-cookie'));
    $csrfToken = $cookieJar->getCookieByName('XSRF-TOKEN')->getValue();
    $sessionCookie = $cookieJar->getCookieByName('laravel_session')->getValue();

    $request->headers->set('host', '');
    $request->headers->set('referer', config('app.url'));
    $request->server->set('HTTP_REFERER', config('app.url'));

    $request->headers->set('cookie', 'XSRF-TOKEN=' . $csrfToken . '; laravel_session=' . $sessionCookie);

    $request->headers->set('X-XSRF-TOKEN', $csrfToken);
    $request->cookies->set('XSRF-TOKEN', $csrfToken);
    $request->cookies->set('laravel_session', $sessionCookie);
});

Is it possible to make this work or do I have to create a paid account in order to generate the documentation?

Thanks in advance!

Docs
