"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."
Microsoft chose Payload to tell the world about AI.
Cannot create admin user
1. Got locked out of cloud project admin account, unclear why, with UI showing "Unauthorized, you must be logged in to make this request." with log out button.
2. Email password reset not working - is there additional configuration needed for this feature on cloud? This hasn't worked for me across a few projects now.
3. Runtime logs show
ERROR (payload): APIError: No User
4. DB shows user however loginAttmepts are 0
5. Tried deleting the admin user in the DB to force reset, cleared cookies, etc
6. Created new user with same email as previous via /admin/login
7. Return to step 1
Repo is public:
https://github.com/ballermatic/gb-cmspayload.config.ts
import dotenv from 'dotenv'
import path from 'path'
import { buildConfig } from 'payload/config'
import { Pages } from './collections/Pages'
import { Users } from './collections/Users'
dotenv.config()
export default buildConfig({
admin: { user: Users.slug }, // added this in testing, no effect
collections: [Pages, Users],
cors: [process.env.PAYLOAD_PUBLIC_SERVER_URL, process.env.PAYLOAD_PUBLIC_SITE_URL],
csrf: [process.env.PAYLOAD_PUBLIC_SERVER_URL, process.env.PAYLOAD_PUBLIC_SITE_URL],
typescript: {
outputFile: path.resolve(__dirname, 'payload-types.ts'),
},
})
@511305637959827459it sounds like your cookie settings are incorrect, likely due to your env not loading properly. Double check your import statement for
dotenv. I think the proper way to import this module using ES6 syntax is
import {} from 'dotenv/config';although I typically opt for CommonJS like this
require('dotenv').config()Aha, will do!
@808734492645785600I tried this, builds and deploys, but get an error when visiting /admin. I was attempting to use this approach
https://discord.com/channels/967097582721572934/1098088422553440256which had worked for me earlier.
Uncaught TypeError: n(...).config is not a functionin browser console after successful deployment.
Hmmmm strange error
But I do think another problem is that your importing the env
afteryour collections
Haha yeah, today is my auth/access/cors/csrf deep dive.
OH!
I hadn't considered that … at all
So it a fun day for you sounds like haha
Yea your cookie domain in your users collections probably is setting an undefined property
Thank you, and the whole team, for being here for us n00bs while we learn!
We're all learning, it's a win-win 👍
Let me know if you still have any troubles here
Weird, same issue. Checking ENV on cloud but I am 99% certain they're correct.
ENV are correct. COOKIE_DOMAIN is set to localhost, that shouldn't affect my ability to access the cloud admin, or should it?
oh yea
COOKIE_DOMAINneeds to be the live domain, just like
corsand
csrfbecause otherwise your cookie will not attach to your browser
How does one test preview etc locally with cloud?
localhost:3000 <--> payloadcms.app kinda thing
Where local would be next.js with the intent to deploy to vercel, for example
You could run the CMS locally alongside your Next.js app
While connecting to the same Mongo instance, if needed
Ah yes, I was doing that earlier and it worked well. Huh. Definitely learning here. Ok, thank you. I have somewhat of an idea how to make the preview example work now.
Should cookie domain be the cms or the front end?
Not seeing documentation on that, unless it's in the JWT library?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#third-party_cookiesAnd here I thought I had a handle on cookies this whole time, sigh
The preview example is what is getting me turned around, because the cookie domain is the same for the front and back ends 😄
The cookie domain is the domain of any site you wish to allow cookies for
Can that be an array like cors or csrf?
This excludes the protocol, i.e.
payloadcms.comwould work for a
local.payloadcms.comfront-end and a
cms.local.payloadcms.combackend
It cannot be an array, without looking the MDN docs there should indicate that
BE and FE will have different domains
Then you won't be able to take advantage of the security that the cookie domain provides
Just use
auth: trueAha, ok.
Thank you again!
No problem!
- @808734492645785600
I was incorrect, my plan is to use a single domain. For example, CMS =
https://edit.gravybo.at(currently set up as a CNAME in the Vercel DNS), dig shows it's functioning, however I am getting an SSL error
SSL_ERROR_NO_CYPHER_OVERLAPwhere the parent domain SSL is fine, as is the destination value:
https://gb.payloadcms.appI feel like there should be a separate thread.
Star
Discord
online
Get dedicated engineering support directly from the Payload team.