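Hi everyone! I'm using Passport to build an API, and for authentication I have made the settings below,
but requests sent from JS always return 401 Unauthorized.
Did I miss a step?!
I upgraded from 5.4 to 5.5.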
Kernel.php
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
    ],
For AJAX I use Laravel's built-in axios, which already attaches X-CSRF-TOKEN.
bootstrap.js
    window.axios = require('axios');
    window.axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest';

    /**
     * Next we will register the CSRF Token as a common header with Axios so that
     * all outgoing HTTP requests automatically have it attached. This is just
     * a simple convenience so we don't have to attach every token manually.
     */
    let token = document.head.querySelector('meta[name="csrf-token"]');
    if (token) {
        window.axios.defaults.headers.common['X-CSRF-TOKEN'] = token.content;
    } else {
        console.error('CSRF token not found: https://laravel.com/docs/csrf#csrf-x-csrf-token');
    }
The request that was sent:
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Cookie: lang=zh-TW; io=EHf7AbPslPfT73wFAAAa; laravel_token=eyJpdiI6IllDY1JZd0xwdmtnRzc...; XSRF-TOKEN=eyJpdiI6I3...; laravel_session=eyJpdi..
Host: localhost
Pragma: no-cache
Referer: http://localhost/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
X-CSRF-TOKEN: mbVlE93huPxnNAvRE7kDRotAETD8vq4L3P9...
X-Requested-With: XMLHttpRequest
X-XSRF-TOKEN: eyJpdiI6IlpnYU4xVmlGV...