| 1 | <?php
|
|---|
| 2 |
|
|---|
| 3 | return [
|
|---|
| 4 |
|
|---|
| 5 | /*
|
|---|
| 6 | |--------------------------------------------------------------------------
|
|---|
| 7 | | Stateful Domains
|
|---|
| 8 | |--------------------------------------------------------------------------
|
|---|
| 9 | |
|
|---|
| 10 | | Requests from the following domains / hosts will receive stateful API
|
|---|
| 11 | | authentication cookies. Typically, these should include your local
|
|---|
| 12 | | and production domains which access your API via a frontend SPA.
|
|---|
| 13 | |
|
|---|
| 14 | */
|
|---|
| 15 |
|
|---|
| 16 | 'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
|
|---|
| 17 | '%s%s',
|
|---|
| 18 | 'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
|
|---|
| 19 | env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
|
|---|
| 20 | ))),
|
|---|
| 21 |
|
|---|
| 22 | /*
|
|---|
| 23 | |--------------------------------------------------------------------------
|
|---|
| 24 | | Sanctum Guards
|
|---|
| 25 | |--------------------------------------------------------------------------
|
|---|
| 26 | |
|
|---|
| 27 | | This array contains the authentication guards that will be checked when
|
|---|
| 28 | | Sanctum is trying to authenticate a request. If none of these guards
|
|---|
| 29 | | are able to authenticate the request, Sanctum will use the bearer
|
|---|
| 30 | | token that's present on an incoming request for authentication.
|
|---|
| 31 | |
|
|---|
| 32 | */
|
|---|
| 33 |
|
|---|
| 34 | 'guard' => ['web'],
|
|---|
| 35 |
|
|---|
| 36 | /*
|
|---|
| 37 | |--------------------------------------------------------------------------
|
|---|
| 38 | | Expiration Minutes
|
|---|
| 39 | |--------------------------------------------------------------------------
|
|---|
| 40 | |
|
|---|
| 41 | | This value controls the number of minutes until an issued token will be
|
|---|
| 42 | | considered expired. If this value is null, personal access tokens do
|
|---|
| 43 | | not expire. This won't tweak the lifetime of first-party sessions.
|
|---|
| 44 | |
|
|---|
| 45 | */
|
|---|
| 46 |
|
|---|
| 47 | 'expiration' => null,
|
|---|
| 48 |
|
|---|
| 49 | /*
|
|---|
| 50 | |--------------------------------------------------------------------------
|
|---|
| 51 | | Sanctum Middleware
|
|---|
| 52 | |--------------------------------------------------------------------------
|
|---|
| 53 | |
|
|---|
| 54 | | When authenticating your first-party SPA with Sanctum you may need to
|
|---|
| 55 | | customize some of the middleware Sanctum uses while processing the
|
|---|
| 56 | | request. You may change the middleware listed below as required.
|
|---|
| 57 | |
|
|---|
| 58 | */
|
|---|
| 59 |
|
|---|
| 60 | 'middleware' => [
|
|---|
| 61 | 'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
|
|---|
| 62 | 'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
|
|---|
| 63 | ],
|
|---|
| 64 |
|
|---|
| 65 | ];
|
|---|
