Perhaps I should be using CORS (https://github.com/barryvdh/laravel-cors)?
I guess you could make an internal request to the subdomain to retrieve a CSRF token and embed that into the form, but that would be pretty hacky. CORS would probably be the clean approach.
Sign in to participate in this thread!
We'd like to thank these amazing companies for supporting us