Hi! Some collections need an authorization to use some privileged data, so in some collections I use the access field to show/delete/update those data. Locally it works as well, but when I deploy it to my server, it doesn't work; even when I read, I want to see the user's data in the console, and I receive an undefined (talking about the server, but locally it works as well). I'm sure that I'm sending the Auth header using axios, but I don't know why it happens. Can somebody help me? Here are some screenshots
Update
I cleared my cookies from VSC Thunderbolt, and there it doesn't work, even when sending the Authorization header...
But if I log in again, it works fine
Good morning!
- Are you sure that user.invoices.read is defined?
- Are you sending your front end requests with credentials: include or the axios equivalent?
- Is CORS / CSRF configured to allow non-localhost endpoints to receive requests?
Do I have to send a header credentials: include? And CORS is configured in payload.config.ts as "*"
If you expect a cookie to be set automatically, the request needs to have "credentials: 'include'" or whatever axios uses
Adding credentials, now I get this issue
Source: https://stackoverflow.com/questions/43002444/make-axios-send-cookies-in-its-requests-automatically
I added CSRF, and it didn't work
Last update: I added to CORS all the domains which I'm using for development, but it doesn't work
Had similar issues before
@508788190472175629, try this in server.ts

import cors from 'cors';

app.use(
  cors({
    // https://stackoverflow.com/a/56189415
    // Normally, you can't do `cors: '*'` on the server and credentials: 'include' on the front end
    // But we want to allow this for development
    // The dynamic origin callback echoes back whatever origin made the request,
    // which is what lets credentialed requests through (a literal '*' would be rejected by the browser)
    origin: function (origin, callback) {
      return callback(null, true);
    },
    credentials: true,
  })
);

but make sure to set this conditionally for dev only, because it allows requests from any origin
It is always better to be specific in your CORS/CSRF; I would remove the wildcards altogether. You are setting cors/csrf in the payload config, right?
Yes, I did, right now I'm removing * from payload.config.ts
Let me try this, I'll keep you updated
oic, so you are not trying to login from a website, just your VSC Thunderbolt?
VSC Thunderbolt is working fine, but in NextJS it's not...
what port is your frontend served on?
I think it's 3000, I don't remember right now, I have to check
But I'm using the domain too in production
Right, one thing at a time I guess. Does it work locally? If not, you will want to make sure that your frontend url, i.e. http://localhost:3000, is in your csrf array
Doesn't work locally either
Locally, I'm working with NextJS using port 8080
ok and these ^ are in your payload config? And you restarted the payload server?
Yes
I'm using pm2 as process manager
what does the request in your network panel look like
Here is the payload response, when I try to receive the user through the request
read: ({ req: { user } }) => console.log(user)
I'm talking about the browser, what does it look like? Open your inspector, look at the network tab and look for the login request (if that is the request you are making), screenshot that
This is an example of how axios config is setting up, including the headers
Okok, let me take a screenshot
Which option do you want to see?
I think req/res headers
Are you setting the Auth header on your axios request? You don't need that since we are using http-only cookies to auth
Yes, I'm setting up the Auth header
ok the general would help too I guess
Are you making a login request first?
Yes, I have a session
If you really want to use the token like that, use JWT instead of Bearer, but normally what I do is make a login request - the cookie is created (since my frontend domain is in the CSRF array), then any subsequent request will pass those http-only cookies to the server when I mark the request with credentials: include
Changing to JWT works as well
Thank you so much!!!!
No problem 🙂