"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."
Microsoft chose Payload to tell the world about AI.
CORS issues even when origins specified
Not sure what I'm doing wrong here
export default buildConfig({
serverURL: "https://beta.safsonline.com",
admin: {
user: Admins.slug,
},
cors: ["http://localhost:4200", "http://safsbeta1.safsonline.com", "http://safsbeta2.safsonline.com"],
csrf: ["http://localhost:4200", "http://safsbeta1.safsonline.com", "http://safsbeta2.safsonline.com"],
collections: [Admins, Users, Pages, Media, Documents],
typescript: {
outputFile: path.resolve(__dirname, "payload-types.ts"),
},
graphQL: {
schemaOutputFile: path.resolve(__dirname, "generated-schema.graphql"),
},
routes: {
api: '/payload/api',
admin: '/payload/admin',
graphQL: '/payload/graphql',
graphQLPlayground: '/payload/graphql-playground'
}
});and in server
app.use(express.json());
app.use(
cors({
origin: ["http://localhost:4200", "http://safsbeta1.safsonline.com", "http://safsbeta2.safsonline.com"],
credentials: true,
})
);
You are getting the error on an https URL and only have http URLs listed. Maybe try changing your (what I assume is a production) safsbeta1.safsonline.com URL to https? Also if the 2nd snippet is from the same server that payload uses, I didn't need to set any CORS settings manually on the express instance.
for some reason on deploy payload-token cookie is not set in req, does anyone have this issue?
I don't, but here's a couple of things I would check:
- Are you logged in?
- Do you have CORS correctly configured
- Have you set the correct origins?
- Have you enabled the usage of credentials?
- Do you have CSRF correctly configured?
There are also other things that might cause that issue, but I would say these are the most common causes.
hi, thanks, yeah, everything is configured as per the docs and the example, the csrf cookies are set and i can see them, but not payload-token which only gets set when testing locally, what other things might cause this?
- @1018806695130046494
This is usually a CORS / CSRF issue, specifically the token not being set. Do you have credentials set as an option in your cors/csrf config?
or rather
Do the CORS/CSRF listings match
yes, credentials:true, and the same list of domains for cors/csrf
Would you mind providing us with screenshots / copies of your configuration and the exact URLs you are using to test the application?
export default buildConfig({ serverURL: "https://cms.tengricomics.kz", admin: { user: Admins.slug, }, cors: ["https://dev.tengricomics.kz", "https://staging.tengricomics.kz"], csrf: ["https://dev.tengricomics.kz", "https://staging.tengricomics.kz], collections: [Admins, Users, Pages, Media, Widgets], typescript: { outputFile: path.resolve(__dirname, "payload-types.ts"), }, graphQL: { schemaOutputFile: path.resolve(__dirname, "generated-schema.graphql"), }, globals:["MainMenu"] });app.use( '/assets', express.static(path.resolve(__dirname, './assets')), ); app.use(injectEnvMiddleware); app.use( cors({ origin: [ 'https://dev.tengricomics.kz', 'https://staging.tengricomics.kz', ], credentials: true, }), ); // Redirect root to Admin panel app.get('/', (_, res) => { res.redirect('/admin'); });locally everything works fine, but on deploy the payload-token cookie is not being set on preview
also i tried adding
auth: {
cookies: {
secure: true,
sameSite: 'lax',
domain: '.tengricomics.kz',
},
},
versions: {
drafts: true,
}, to pages config, but in the cookies for
https://cms.tengricomics.kzI see that the payload-token domain is third-level domain, not all subdomains as in the auth object
Now it starts to become pretty hard to debug, especially since I can't even resolve your addresses. Anyway, since the payload documentation doesn't mention setting the cors config yourself on the express app, I would try to leave that out the
app.use(cors({...}))portion as that might affect the payload config. As for the cookie config: I would assume that you need to put a * in front of your domain (so '*.tengricomics.kz'), but it might also help to understand your requirements a bit better.
Star
Discord
online
Get dedicated engineering support directly from the Payload team.