"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."
Get the resources you need to start building today
Microsoft chose Payload to tell the world about AI.
Cookie Secure - API rest
I have payloadCMS running on localhost:3000, I have nextJs running on localhost:8000
I try to fetch data.
I already set cors and csrf the value *
Actually I can Login and data is returned normally.
The problem is that the cookie secure is not set automatically 😦
So, when I try to logout, "user: null".
I really don't know why the cookie isn't set, I already check the developer tools (no cookies there).
I tried different browsers, I tried different clients (vanilla JS)
Only works on Postman/Imsomnia
Could anyone help me please? TwT
So, what doesn't work?
Cookie secure is supposed to be set automatically when I fetch to login Endpoint, but it's not set :/
You are making a fetch request to the auth endpoint from Next to Payload?
Yes
are you using
credentials: includeI replicated your issue to be honest
What I tried was same as
@629766588492677131did.
I had problems even with just setting the cookie after successful login. Localhost acts as a same origin scenario, even with different ports, so there shouldn't be a problem.
That is certain because when you login directly from the CMS, and then you will switch to your Next.js application, cookie will be shared. However when you want to login directly from the Next.js app, you will get a token back inside the response data, but the cookie itself will not be set
Bear in mind please, that I tried this at 1:30 AM and I was tired already
But I will try to take a look at it over the weekend
Logout is similar scenario, cookie doesn't get deleted, setting
credentials: includecaused CORS error
BUTI think the default behaviour is that accepting all origins with * asterisk and accepting credentials is forbidden
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentialsTherefore try to set allowed origins to be
localhost:5000or smth like that
Specifying the domains the cookie can be shared on is way more secure. I would always do that when you can
I specified the domain and port and it worked ❤️
Now the cookie is set correctly
Thanks
@217360281309806593and
@281120856527077378Does the logout work for you though?
Yes, It works
the docs address cookie setting
https://github.com/payloadcms/website
Star
Discord
online
Get dedicated engineering support directly from the Payload team.