
Make TryIt work with Sanctum's cookie based authentication out of the box #336

Merged
merged 2 commits into from
Mar 24, 2024

Conversation

layerok (Contributor) commented Mar 13, 2024

Fixes #286

In this PR I added code that intercepts every TryIt request and adds an XSRF-TOKEN header, which is necessary for Sanctum's cookie-based authentication to work correctly. Intercepting was done by monkey-patching the fetch function.

layerok (Contributor, Author) commented Mar 13, 2024

Previously I had been fixing this issue, but I only fixed one part of it. This PR fixes the second and last part. Now Sanctum cookie-based authentication should work out of the box.

romalytvynenko (Member)

@vovarudomanenko you are the best, thanks! Will test for API token-based auth soon and merge. Thanks again, this was a really painful issue.

layerok (Contributor, Author) commented Mar 18, 2024

@romalytvynenko First of all, you are the best. Secondly, I wanted to tell you that you should only test cookie-based authentication, because my solution won't work for the token-based one.

Token-based auth requires a different solution.
Specifically, it requires passing a token in the Authorization header as a bearer token.

I currently don't know how to solve this problem universally for everyone, because in order to automatically pass a token to a request I must know how to create the token, and that depends on the specific API implementation.

But I know one solution to this problem, which I don't really like, but it works. This solution requires adding the Authorization header to the OpenAPI definition and manually inserting the token into the TryIt form before submitting a request.

```php
use Dedoc\Scramble\Scramble;
use Dedoc\Scramble\Support\Generator\OpenApi;
use Dedoc\Scramble\Support\Generator\SecurityScheme;

// Declare a bearer (JWT) security scheme so TryIt renders an Authorization field.
Scramble::extendOpenApi(function (OpenApi $openApi) {
    $openApi->secure(SecurityScheme::http('bearer', 'JWT'));
});
```

@romalytvynenko romalytvynenko changed the title make TryIt work with Sanctum's cookie based authentication out of the box Make TryIt work with Sanctum's cookie based authentication out of the box Mar 24, 2024
romalytvynenko (Member)

@vovarudomanenko hey!

I meant in general whether the solution affects token-based auth (due to the fetch function being patched). I've just tested the behavior and it looks good!

Speaking of inserting API token automatically – this is really a nice idea. If it'll resurface, I'll add it.

Thanks again for your time. Now Sanctum's auth works like a charm!

@romalytvynenko romalytvynenko merged commit 6a4e32c into dedoc:main Mar 24, 2024
6 checks passed
@layerok layerok deleted the sanctum-cookies branch April 14, 2024 21:26
erkinboy-botirov

In resources/views/docs.blade.php at line 40:

Shouldn't decodeURIComponent be used instead of decodeURI?

It seems like the XSRF-TOKEN that comes as a cookie is base64 encoded. From what I found, an equals sign is added as padding at the end of a base64 encoded string to match a specific number of characters. When this token is passed as a cookie value, it is URL encoded, which turns the equals signs into %3D.

As you can see in the picture, the decodeURI function won't decode it back, but decodeURIComponent will.

[screenshot attached, dated 2024-05-28]
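The two points raised in this thread, the fetch interception from the PR description and the decodeURI versus decodeURIComponent question above, as one added example. This is not code from the dedoc/scramble project or from the PR; it is a stand-alone fetch wrapper that reads the XSRF-TOKEN cookie and sends it back as a request header. Assumptions not taken from the page: the header name X-XSRF-TOKEN (Laravel's convention), the allowedOrigin restriction, and the cookie string, which is constructed sample data rather than a real Laravel token.

```javascript
// Added example, not the project's code. Assumed header name X-XSRF-TOKEN
// (Laravel convention); SAMPLE_COOKIES is constructed sample data.
const SAMPLE_COOKIES =
  'laravel_session=abc123; XSRF-TOKEN=c2FtcGxlLXRva2Vu%3D%3D; theme=dark';

// Parse a document.cookie-style string ("a=1; b=2") into name -> raw value.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = part.slice(idx + 1).trim();
  }
  return out;
}

// Show the two decoders side by side on one percent-encoded cookie value.
// decodeURI leaves escapes of reserved characters such as '=' (%3D) in
// place; decodeURIComponent decodes every escape sequence.
function compareDecoders(rawValue) {
  return {
    viaDecodeURI: decodeURI(rawValue),
    viaDecodeURIComponent: decodeURIComponent(rawValue),
  };
}

// Read the XSRF-TOKEN cookie and fully decode it; null when absent.
function readXsrfToken(cookieString) {
  const raw = parseCookies(cookieString)['XSRF-TOKEN'];
  return raw === undefined ? null : decodeURIComponent(raw);
}

// Wrap a fetch-like function so each call carries the token header.
// getCookies is re-read per request because the cookie changes on
// login/logout. allowedOrigin (a bare origin such as "https://host") limits
// the header to that origin, so the CSRF token is not handed to third-party
// hosts the same page happens to fetch from.
function wrapFetchWithXsrf(originalFetch, getCookies, allowedOrigin, headerName = 'X-XSRF-TOKEN') {
  return function xsrfFetch(input, init = {}) {
    const isRequest = typeof Request !== 'undefined' && input instanceof Request;
    const urlString = input instanceof URL ? input.href : isRequest ? input.url : String(input);
    const headers = new Headers(init.headers ?? (isRequest ? input.headers : undefined));
    const token = readXsrfToken(getCookies());
    const sameOrigin = new URL(urlString, allowedOrigin).origin === allowedOrigin;
    if (token !== null && sameOrigin && !headers.has(headerName)) {
      headers.set(headerName, token);
    }
    // credentials: 'include' so the session cookie travels with the request;
    // caller-supplied init values still win, except for the merged headers.
    return originalFetch(input, { credentials: 'include', ...init, headers });
  };
}

// In a browser this would be installed as:
//   globalThis.fetch = wrapFetchWithXsrf(globalThis.fetch, () => document.cookie, location.origin);

// Stand-alone demo with a fake fetch that just returns the headers it saw.
function demo() {
  const fakeFetch = (url, init) => Object.fromEntries(init.headers);
  const patched = wrapFetchWithXsrf(fakeFetch, () => SAMPLE_COOKIES, 'https://app.example.test');
  return {
    sameOrigin: patched('/api/user'),
    crossOrigin: patched('https://cdn.example.net/asset.json'),
    decoders: compareDecoders(parseCookies(SAMPLE_COOKIES)['XSRF-TOKEN']),
  };
}

console.log(demo());
```

Running it shows the point of the comment above: decodeURI returns the value with %3D still in it, because '=' is in the set of reserved characters decodeURI deliberately leaves encoded, while decodeURIComponent yields the padded value the server expects. The allowedOrigin check is the caveat worth keeping in mind when a page patches every fetch call: without it, any third-party endpoint the documentation page calls would receive the CSRF token as well.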

Successfully merging this pull request may close these issues.

auth:sanctum is not detected or documented?
3 participants