I have Payload CMS running on localhost:3000 and Next.js running on localhost:8000.
I try to fetch data.
I already set cors and csrf to the value *
Actually I can log in and data is returned normally.
The problem is that the cookie secure is not set automatically 😦
So, when I try to logout, "user: null".
I really don't know why the cookie isn't set, I already checked the developer tools (no cookies there).
I tried different browsers, I tried different clients (vanilla JS)
It only works on Postman/Insomnia
Could anyone help me please? TwT
So, what doesn't work?
Cookie secure is supposed to be set automatically when I fetch to login Endpoint, but it's not set :/
You are making a fetch request to the auth endpoint from Next to Payload?
Yes
are you using credentials: include
I replicated your issue to be honest
What I tried was the same as @LuisLopezlg did.
I had problems even with just setting the cookie after successful login. Localhost acts as a same origin scenario, even with different ports, so there shouldn't be a problem.
That is certain because when you log in directly from the CMS and then switch to your Next.js application, the cookie will be shared. However, when you want to log in directly from the Next.js app, you will get a token back inside the response data, but the cookie itself will not be set
Bear in mind please, that I tried this at 1:30 AM and I was tired already
But I will try to take a look at it over the weekend
Logout is a similar scenario, cookie doesn't get deleted, setting credentials: include caused CORS error
BUT
I think the default behaviour is that accepting all origins with * asterisk and accepting credentials is forbidden
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials
Therefore try to set allowed origins to be localhost:5000 or smth like that
Specifying the domains the cookie can be shared on is way more secure. I would always do that when you can
I specified the domain and port and it worked ❤️
Now the cookie is set correctly
Thanks @Marťafiixek and @Jarrod
Does the logout work for you though?
Yes, it works
the docs address cookie setting