| commit | author | age | ||
| 9f6455 | 1 | <?php |
| DC | 2 | |
| 3 | return [ | |
| 4 | ||
| 5 | /* | |
| 6 | |-------------------------------------------------------------------------- | |
| 7 | | Stateful Domains | |
| 8 | |-------------------------------------------------------------------------- | |
| 9 | | | |
| 10 | | Requests from the following domains / hosts will receive stateful API | |
| 11 | | authentication cookies. Typically, these should include your local | |
| 12 | | and production domains which access your API via a frontend SPA. | |
| 13 | | | |
| 14 | */ | |
| 15 | ||
| 16 | 'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf( | |
| 17 | '%s%s', | |
| 18 | 'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1', | |
| 19 | env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : '' | |
| 20 | ))), | |
| 21 | ||
| 22 | /* | |
| 23 | |-------------------------------------------------------------------------- | |
| 24 | | Sanctum Guards | |
| 25 | |-------------------------------------------------------------------------- | |
| 26 | | | |
| 27 | | This array contains the authentication guards that will be checked when | |
| 28 | | Sanctum is trying to authenticate a request. If none of these guards | |
| 29 | | are able to authenticate the request, Sanctum will use the bearer | |
| 30 | | token that's present on an incoming request for authentication. | |
| 31 | | | |
| 32 | */ | |
| 33 | ||
| 34 | 'guard' => ['web'], | |
| 35 | ||
| 36 | /* | |
| 37 | |-------------------------------------------------------------------------- | |
| 38 | | Expiration Minutes | |
| 39 | |-------------------------------------------------------------------------- | |
| 40 | | | |
| 41 | | This value controls the number of minutes until an issued token will be | |
| 42 | | considered expired. If this value is null, personal access tokens do | |
| 43 | | not expire. This won't tweak the lifetime of first-party sessions. | |
| 44 | | | |
| 45 | */ | |
| 46 | ||
| 47 | 'expiration' => null, | |
| 48 | ||
| 49 | /* | |
| 50 | |-------------------------------------------------------------------------- | |
| 51 | | Sanctum Middleware | |
| 52 | |-------------------------------------------------------------------------- | |
| 53 | | | |
| 54 | | When authenticating your first-party SPA with Sanctum you may need to | |
| 55 | | customize some of the middleware Sanctum uses while processing the | |
| 56 | | request. You may change the middleware listed below as required. | |
| 57 | | | |
| 58 | */ | |
| 59 | ||
| 60 | 'middleware' => [ | |
| 61 | 'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class, | |
| 62 | 'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class, | |
| 63 | ], | |
| 64 | ||
| 65 | ]; | |
