Server Proxy

Overview

Nuxt Umbu will introduce an internal server proxy for the Sanctum provider to improve SSR compatibility and eliminate CORS complexity.

This feature will allow your Nuxt application to act as a reverse proxy between the browser and your Laravel API.

Instead of:

frontend.dev → api.frontend.dev

Requests will flow through the same origin:

frontend.dev → frontend.dev/api/*

This greatly simplifies authentication when using cookie-based sessions.

Why This Matters

When using Laravel Sanctum with SSR:

• Cookies must be forwarded correctly
• CSRF protection must be preserved
• CORS must be configured if using different domains
• SANCTUM_STATEFUL_DOMAINS must be maintained

The internal proxy removes this complexity by ensuring all browser requests are same-origin.

Planned Configuration

export default defineNuxtConfig({
    auth: {
        provider: 'sanctum',
        proxy: {
            enabled: true,
            route: '/api',
            target: 'https://api.example.com'
        }
    }
})

Expected Behaviour

When enabled:

• A Nitro catch-all route will be created at /api/**
• Requests will be forwarded to proxy.target
• The route prefix will be stripped
• Cookies, headers, method and body will be preserved
• The original backend response will be returned untouched

Example

Request from browser:

GET /api/user/profile

Forwarded internally to:

GET https://api.example.com/user/profile

The browser remains unaware of the backend domain.

Benefits

• No CORS configuration
• No cross-domain cookie issues
• Full SSR compatibility
• Cleaner production deployment
• Improved developer experience