Statamic + Laravel Forge: POST/PATCH requests return 302 and cause redirect loop behind Cloudflare

[JaavierR]

Hi everyone,

I deployed a Laravel application with Statamic to a VPS using Laravel Forge. The application works correctly in local development, but after deployment I’m facing the following issues and wanted to ask if anyone else has experienced something similar.

1) Control Panel login only works when “Remember me” is checked

When logging into the Statamic Control Panel without selecting “Remember me”, the session does not persist and the login fails (I am redirected back as if not authenticated).
If “Remember me” is checked, the login works as expected.

2) Editing, saving entries, or uploading files triggers AxiosError: Network Error

When trying to edit or save an entry in the Control Panel, or when uploading files via form inputs, a notification appears showing:

• AxiosError: Network Error

There are no related errors in the Laravel logs.
In the browser’s Network tab, I can see multiple repeated requests being sent to the same endpoint in quick succession.

After further debugging, I was able to narrow the problem down to the fact that POST and PATCH requests are returning a 302 response, which causes them to enter a redirect loop.
Due to these repeated redirections, the requests eventually fail with a network error, preventing entries from being saved or updated and blocking file uploads in form inputs.

Additional context

• The domain is proxied through Cloudflare.
• These issues do not occur locally.
• I followed the official Statamic deployment documentation step by step.
• I suspect the issue may be related to Cloudflare (headers, HTTPS detection, cookies, or redirects).
• I installed the Laravel Cloudflare package, but the issue still persists.
• I deployed and configured the same application on Laravel Cloud, and did not experience any of these problems, which makes me think this might be related to the Forge + VPS + Cloudflare setup.

Question

Has anyone else experienced an issue where POST/PATCH requests return 302 responses and fall into a redirect loop when deploying Laravel + Statamic on Forge, especially when the site is proxied through Cloudflare?

In my case, this results in:

• Control Panel sessions failing unless “Remember me” is checked
• Inability to save or update entries
• File uploads failing in form inputs
• Repeated requests ending in AxiosError: Network Error, with no errors in Laravel logs

If you’ve encountered something similar or know what configuration might cause this (sessions, cookies, HTTPS detection, Cloudflare headers, Forge config, etc.), I’d really appreciate any insight. Thanks in advance!

[ryanmitchell]

If you're getting a 302 then it sounds like the domain cloud flare is sending to the server is different from the one the server is expecting (I suspect http vs https?). That would explain most of your issues to be honest.

[JaavierR]

Hi Ryan,

Thanks so much for taking the time to respond! I checked everything on Cloudflare and the settings were okay.

I managed to resolve the issue and was actually related to session handling, although I'm not entirely sure whether this is the correct or recommended solution.

After some digging on Statamic's Discord, I found a similar case that pointed me to this GitHub issue:
#11411 (comment)

Following the suggestion there, I updated the user_id column in the sessions table to varchar(255). After doing that, everything started working correctly.

That said, I'm still a bit unsure why this fixes the problem and whether it's safe to leave sessions.user_id as a varchar long-term. At the moment, the Control Panel is only managed by a single user stored in a flat file, but I'm wondering if this could cause issues in the future if I decide to manage users through Laravel's database instead.

I didn't encounter this problem locally at first because I was using SQLite. As soon as I switched my local environment to MySQL, the issue reproduced immediately. I'm also using the database session driver.

Thanks again for the help and for pointing me in the right direction!

[ryanmitchell]

Nice find. Yes, Statamic uses UUIDs for flat-file users so if your using the database driver for sessions you'd need to update the column to use string IDs.