Cookie Secure - API rest

luislopezlg 2 years ago

I have Payload CMS running on localhost:3000, and I have Next.js running on localhost:8000.

I try to fetch data.

I already set cors and csrf to the value *

Actually I can log in and data is returned normally.

The problem is that the cookie secure is not set automatically 😦

So, when I try to log out, "user: null".

I really don't know why the cookie isn't set, I already checked the developer tools (no cookies there).

I tried different browsers, I tried different clients (vanilla JS)

Only works on Postman/Insomnia

Could anyone help me please? TwT

  • martafiixek 2 years ago

    So, what doesn't work?

  • luislopezlg 2 years ago

    Cookie secure is supposed to be set automatically when I fetch to the login endpoint, but it's not set :/

  • martafiixek 2 years ago

    You are making a fetch request to the auth endpoint from Next to Payload?

  • luislopezlg 2 years ago

    Yes

  • jarrod_not_jared 2 years ago

    are you using credentials: include

  • martafiixek 2 years ago

    I replicated your issue, to be honest.

    What I tried was the same as @629766588492677131 did.

    I had problems even with just setting the cookie after successful login. Localhost acts as a same origin scenario, even with different ports, so there shouldn't be a problem.

    That is certain because when you log in directly from the CMS and then switch to your Next.js application, the cookie will be shared. However, when you want to log in directly from the Next.js app, you will get a token back inside the response data, but the cookie itself will not be set.

    Bear in mind, please, that I tried this at 1:30 AM and I was tired already.

    But I will try to take a look at it over the weekend.

    Logout is a similar scenario, the cookie doesn't get deleted, and setting credentials: include caused a CORS error.

    BUT I think the default behaviour is that accepting all origins with * asterisk and accepting credentials is forbidden.

    https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials

    Therefore try to set allowed origins to be localhost:5000 or smth like that.

  • jarrod_not_jared 2 years ago

    Specifying the domains the cookie can be shared on is way more secure. I would always do that when you can

  • luislopezlg 2 years ago

    I specified the domain and port and it worked ❤️

    Now the cookie is set correctly

    Thanks @217360281309806593 and @281120856527077378

  • martafiixek 2 years ago

    Does the logout work for you though?

  • luislopezlg 2 years ago

    Yes, it works



  • .smalltalkman 2 years ago

    the docs address cookie setting

    https://github.com/payloadcms/website
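
Added example, not part of the thread and not Payload's own code: a JavaScript model of the check a browser applies to a cross-origin response, showing why a * origin fails once credentials: include is set while an explicit origin passes. The URLs, the /api/users/login path and the function names are assumptions for illustration.

```javascript
// Added example: models the browser's CORS check from the Fetch standard.
// URLs and header values are constructed from the setup in the thread.

function isSameOrigin(a, b) {
  // Origin = scheme + host + port, so another port is another origin.
  return new URL(a).origin === new URL(b).origin;
}

// credentials is the fetch() option: "omit", "same-origin" or "include".
function corsVerdict(pageUrl, apiUrl, credentials, responseHeaders) {
  if (isSameOrigin(pageUrl, apiUrl)) {
    return { allowed: true, reason: "same origin, CORS not consulted" };
  }
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = value.trim(); // header names are case-insensitive
  }
  const allowOrigin = h["access-control-allow-origin"];
  const withCredentials = credentials === "include";

  if (allowOrigin === undefined) {
    return { allowed: false, reason: "missing Access-Control-Allow-Origin" };
  }
  if (allowOrigin === "*") {
    return withCredentials
      ? { allowed: false, reason: "wildcard origin rejected for credentialed request" }
      : { allowed: true, reason: "wildcard accepted without credentials" };
  }
  if (allowOrigin !== new URL(pageUrl).origin) {
    return { allowed: false, reason: "allowed origin does not match page origin" };
  }
  if (withCredentials && h["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "explicit origin accepted" };
}

const PAGE = "http://localhost:8000/";               // Next.js app
const API = "http://localhost:3000/api/users/login"; // path is an assumption

console.log(corsVerdict(PAGE, API, "include", { "Access-Control-Allow-Origin": "*" }));
console.log(corsVerdict(PAGE, API, "include", {
  "Access-Control-Allow-Origin": "http://localhost:8000",
  "Access-Control-Allow-Credentials": "true",
}));
```

The allowed origin is compared as a full serialized origin, so a value without the scheme, such as localhost:8000, does not match http://localhost:8000.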