first commit

common/Core/Middleware/EnsureFrontendRequestsAreStateful.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace Common\Core\Middleware;
+
+use Illuminate\Support\Collection;
+use Illuminate\Support\Str;
+use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful as LaravelMiddleware;
+
+class EnsureFrontendRequestsAreStateful extends LaravelMiddleware
+{
+    public static function fromFrontend($request): bool
+    {
+        $domain =
+            $request->headers->get('referer') ?:
+            $request->headers->get('origin');
+
+        if (is_null($domain)) {
+            return false;
+        }
+
+        // make sure api calls from api docs page are not considered stateful to avoid 419 errors on POST requests
+        if (Str::contains($domain, '/api-docs')) {
+            return false;
+        }
+
+        $domain = parse_url($domain, PHP_URL_HOST);
+        $domain = Str::replaceFirst('www.', '', $domain);
+        $domain = Str::endsWith($domain, '/') ? $domain : "{$domain}/";
+
+        $stateful = [
+            ...array_filter(config('sanctum.stateful', [])),
+            parse_url(config('app.url'), PHP_URL_HOST),
+        ];
+
+        return Str::is(
+            Collection::make($stateful)
+                ->map(
+                    fn($uri) => Str::replaceFirst('www.', '', trim($uri)) .
+                        '/*',
+                )
+                ->all(),
+            $domain,
+        );
+    }
+}