[10.x] Update sanctum config file (#6234)

* update sanctum config file * Update sanctum.php --------- Co-authored-by: Taylor Otwell <taylor@laravel.com>
2025-02-20 11:53:14 +08:00 · 2023-09-07 18:48:35 +03:00 · 2023-09-07 18:48:35 +03:00 · bfead27a28
commit bfead27a28
parent 32ecad53a9
1 changed files with 19 additions and 3 deletions
--- a/config/sanctum.php
+++ b/config/sanctum.php
@ -41,13 +41,28 @@ return [
    |--------------------------------------------------------------------------
    |
    | This value controls the number of minutes until an issued token will be
-    | considered expired. If this value is null, personal access tokens do
-    | not expire. This won't tweak the lifetime of first-party sessions.
+    | considered expired. This will override any values set in the token's
+    | "expires_at" attribute, but first-party sessions are not affected.
    |
    */

    'expiration' => null,

+    /*
+    |--------------------------------------------------------------------------
+    | Token Prefix
+    |--------------------------------------------------------------------------
+    |
+    | Sanctum can prefix new tokens in order to take advantage of various
+    | security scanning initiaives maintained by open source platforms
+    | that alert developers if they commit tokens into repositories.
+    |
+    | See: https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning
+    |
+    */
+
+    'token_prefix' => env('SANCTUM_TOKEN_PREFIX', ''),
+
    /*
    |--------------------------------------------------------------------------
    | Sanctum Middleware
@ -60,8 +75,9 @@ return [
    */

    'middleware' => [
-        'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
+        'authenticate_session' => Laravel\Sanctum\Http\Middleware\AuthenticateSession::class,
        'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
+        'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
    ],

 ];