Preserve X-Xsrf-Token header from .htaccess (#6520)

thecodeholic · taylorotwell · web-flow · commit f15301d18db0 · 2025-01-14T14:03:16.000-06:00
* Preserve X-Xsrf-Token header from .htaccess

Preserve X-Xsrf-Token header for session based authentication when building API in Laravel

* Update .htaccess

* Update .htaccess

---------

Co-authored-by: Taylor Otwell &lt;taylor@laravel.com&gt;
diff --git a/public/.htaccess b/public/.htaccess
@@ -9,6 +9,10 @@
     RewriteCond %{HTTP:Authorization} .
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
 
+    # Handle X-XSRF-Token Header
+    RewriteCond %{HTTP:x-xsrf-token} .
+    RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]
+
     # Redirect Trailing Slashes If Not A Folder...
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteCond %{REQUEST_URI} (.+)/$
