Persistent 419 CSRF Error on Livewire File Uploads behind Cloudflare Tunnel
Hey everyone,
I'm running into a frustrating
The Problem:
* When a user tries to upload a file using a Filament/Livewire
* Looking at the network response for the 419, the server is trying to
* The
* Regular Livewire actions/updates on the same page work without any CSRF issues.
What I've Tried So Far:
1. Trusted Proxies: Configured using
2. .env Configuration:
*
*
*
3.
4. Livewire Upload Middleware: Tried adding
My Suspicion:
Has anyone encountered a similar issue with Livewire file uploads behind Cloudflare Tunnels or other reverse proxies where only the upload route loses the session? Any ideas on what else to check (specific Cloudflare settings, Livewire internals, PHP session handling nuances)?
I'm running into a frustrating
419 CSRF token mismatch/livewire/updateThe Problem:
* When a user tries to upload a file using a Filament/Livewire
FileUploadhttps://sub.domain.com/livewire/upload-file?...* Looking at the network response for the 419, the server is trying to
Set-Cookie* The
X-CSRF-TOKEN* Regular Livewire actions/updates on the same page work without any CSRF issues.
What I've Tried So Far:
1. Trusted Proxies: Configured using
monicahq/laravel-cloudflareTrustProxiesbootstrap/app.php2. .env Configuration:
*
APP_URL={The Domain From Cloudflared}*
SESSION_DOMAIN=.domain.comnullsub.domain.com*
SESSION_SECURE_COOKIE=true3.
config/session.phpsame_site'lax''none'secure=truehttp_onlytrue4. Livewire Upload Middleware: Tried adding
'web'StartSession::classtemporary_file_upload.middlewareconfig/livewire.phpMy Suspicion:
Has anyone encountered a similar issue with Livewire file uploads behind Cloudflare Tunnels or other reverse proxies where only the upload route loses the session? Any ideas on what else to check (specific Cloudflare settings, Livewire internals, PHP session handling nuances)?
